Built with
Alectryon , running Coq+SerAPI v8.14.0+0.14.0. Bubbles (
) indicate interactive fragments: hover for details, tap to reveal contents. Use
Ctrl+↑ Ctrl+↓ to navigate,
Ctrl+🖱️ to focus. On Mac, use
⌘ instead of
Ctrl .
Require Import VST.floyd.proofauto.
Require Import VST.msl.iter_sepcon.
Require Import int128_impl.
Instance CompSpecs : compspecs. make_compspecs prog. Defined .The default value for instance locality is currently
"local" in a section and "global" otherwise, but is
scheduled to change in a future release. For the time
being, adding instances outside of sections without
specifying an explicit locality attribute is therefore
deprecated. It is recommended to use "export" whenever
possible. Use the attributes #[local], #[global ] and
#[export] depending on your choice. For example:
"#[export] Instance Foo : Bar := baz."
[deprecated-instance-without-locality,deprecated]
Definition Vprog : varspecs. mk_varspecs prog. Defined .
Lemma Z_shiftr_neg1_l : forall n : Z, 0 <= n -> Z.shiftr (-1 ) n = -1 .forall n : Z, 0 <= n -> Z.shiftr (-1 ) n = -1
Proof .forall n : Z, 0 <= n -> Z.shiftr (-1 ) n = -1
apply natlike_rec.
reflexivity .forall x : Z,
0 <= x ->
Z.shiftr (-1 ) x = -1 -> Z.shiftr (-1 ) (Z.succ x) = -1
intros x Hx Hrec.x : Z Hx : 0 <= xHrec : Z.shiftr (-1 ) x = -1
Z.shiftr (-1 ) (Z.succ x) = -1
rewrite <- Z.add_1_r, <- Z.shiftr_shiftr, Hrec by auto with zarith.x : Z Hx : 0 <= xHrec : Z.shiftr (-1 ) x = -1
Z.shiftr (-1 ) 1 = -1
reflexivity .
Qed .
Lemma Int64_low_is_nonneg (x : Z) :
Int64.min_signed <= x <= Int64.max_signed ->
x mod 2 ^ 64 < 2 ^63 -> 0 <= x < 2 ^63 .x : Z
Int64.min_signed <= x <= Int64.max_signed ->
x mod 2 ^ 64 < 2 ^ 63 -> 0 <= x < 2 ^ 63
Proof .x : Z
Int64.min_signed <= x <= Int64.max_signed ->
x mod 2 ^ 64 < 2 ^ 63 -> 0 <= x < 2 ^ 63
intros [Hx0 Hx1] Hxmod.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : x mod 2 ^ 64 < 2 ^ 63
0 <= x < 2 ^ 63
destruct (Z.neg_nonneg_cases x) as [Hneg|Hpos].x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : x mod 2 ^ 64 < 2 ^ 63 Hneg : x < 0
0 <= x < 2 ^ 63
* x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : x mod 2 ^ 64 < 2 ^ 63 Hneg : x < 0
0 <= x < 2 ^ 63
apply Zlt_not_le in Hxmod.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : ~ 2 ^ 63 <= x mod 2 ^ 64 Hneg : x < 0
0 <= x < 2 ^ 63
elim Hxmod.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : ~ 2 ^ 63 <= x mod 2 ^ 64 Hneg : x < 0
2 ^ 63 <= x mod 2 ^ 64
change x with (2 ^64 mod 2 ^64 + x).x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : ~ 2 ^ 63 <= x mod 2 ^ 64 Hneg : x < 0
2 ^ 63 <= (2 ^ 64 mod 2 ^ 64 + x) mod 2 ^ 64
rewrite Zplus_mod_idemp_l.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : ~ 2 ^ 63 <= x mod 2 ^ 64 Hneg : x < 0
2 ^ 63 <= (2 ^ 64 + x) mod 2 ^ 64
rewrite Z.mod_small; rep_lia.
* x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : x mod 2 ^ 64 < 2 ^ 63 Hpos : 0 <= x
0 <= x < 2 ^ 63
rewrite Z.mod_small in Hxmod; rep_lia.
Qed .
Lemma Int64_high_is_neg (x : Z) :
Int64.min_signed <= x <= Int64.max_signed ->
2 ^63 <= x mod 2 ^ 64 -> -2 ^63 <= x < 0 .x : Z
Int64.min_signed <= x <= Int64.max_signed ->
2 ^ 63 <= x mod 2 ^ 64 -> - 2 ^ 63 <= x < 0
Proof .x : Z
Int64.min_signed <= x <= Int64.max_signed ->
2 ^ 63 <= x mod 2 ^ 64 -> - 2 ^ 63 <= x < 0
intros [Hx0 Hx1] Hxmod.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= x mod 2 ^ 64
- 2 ^ 63 <= x < 0
destruct (Z.neg_nonneg_cases x) as [Hneg|Hpos].x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= x mod 2 ^ 64 Hneg : x < 0
- 2 ^ 63 <= x < 0
* x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= x mod 2 ^ 64 Hneg : x < 0
- 2 ^ 63 <= x < 0
change x with (2 ^64 mod 2 ^64 + x) in Hxmod.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= (2 ^ 64 mod 2 ^ 64 + x) mod 2 ^ 64 Hneg : x < 0
- 2 ^ 63 <= x < 0
rewrite Zplus_mod_idemp_l in Hxmod.x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= (2 ^ 64 + x) mod 2 ^ 64 Hneg : x < 0
- 2 ^ 63 <= x < 0
rewrite Z.mod_small in Hxmod; rep_lia.
* x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= x mod 2 ^ 64 Hpos : 0 <= x
- 2 ^ 63 <= x < 0
apply Zlt_not_le in Hxmod;[contradiction |].x : Z Hx0 : Int64.min_signed <= x Hx1 : x <= Int64.max_signed Hxmod : 2 ^ 63 <= x mod 2 ^ 64 Hpos : 0 <= x
x mod 2 ^ 64 < 2 ^ 63
rewrite Z.mod_small; rep_lia.
Qed .
Lemma mul128_tight x y (Hx : Int64.min_signed <= x <= Int64.max_signed)
(Hy : Int64.min_signed <= y <= Int64.max_signed) :
-2 ^126 +2 ^63 <= x * y <= 2 ^126 .x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed
- 2 ^ 126 + 2 ^ 63 <= x * y <= 2 ^ 126
Proof .x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed
- 2 ^ 126 + 2 ^ 63 <= x * y <= 2 ^ 126
change (- 2 ^ 126 + 2 ^ 63 ) with (-(2 ^63 * (2 ^63 - 1 ))).x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y <= 2 ^ 126
destruct (Z.neg_nonneg_cases y).x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : y < 0
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y <= 2 ^ 126
change (2 ^126 ) with ((-2 ^63 ) * (-2 ^63 )).x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : y < 0
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y <=
- 2 ^ 63 * - 2 ^ 63
split .x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : y < 0
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y
rewrite Z.mul_comm, <- Z.mul_opp_r.x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : y < 0
(2 ^ 63 - 1 ) * - 2 ^ 63 <= x * y
transitivity ((2 ^ 63 - 1 ) * y);[apply Z.mul_le_mono_nonneg_l|apply Z.mul_le_mono_nonpos_r];rep_lia.x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : y < 0
x * y <= - 2 ^ 63 * - 2 ^ 63
transitivity ((-2 ^ 63 ) * y);[apply Z.mul_le_mono_nonpos_r|];rep_lia.x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : 0 <= y
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y <= 2 ^ 126
change (2 ^62 ) with (2 ^63 * 2 ^63 ).x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : 0 <= y
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y <= 2 ^ 126
split .x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : 0 <= y
- (2 ^ 63 * (2 ^ 63 - 1 )) <= x * y
rewrite <- Z.mul_opp_l.x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : 0 <= y
- 2 ^ 63 * (2 ^ 63 - 1 ) <= x * y
transitivity ((-2 ^ 63 ) * y);[apply Z.mul_le_mono_nonpos_l|apply Z.mul_le_mono_nonneg_r];rep_lia.x, y : Z Hx : Int64.min_signed <= x <= Int64.max_signed Hy : Int64.min_signed <= y <= Int64.max_signed H : 0 <= y
x * y <= 2 ^ 126
transitivity ((2 ^ 63 ) * y);[apply Z.mul_le_mono_nonneg_r|];rep_lia.
Qed .
Ltac forward_verify_check :=
match goal with |- semax _ ?E _ _ =>
forward_loop E continue:E break:E
end ;[entailer!|try (forward_if;[elimtype False |forward;entailer!])|forward;entailer|].
Definition Int128_modulus : Z := 2 ^128 .
Definition Int128_max_unsigned : Z := Int128_modulus - 1 .
Definition Int128_max_signed : Z := 2 ^127 - 1 .
Definition Int128_min_signed : Z := -2 ^127 .
Definition t_secp256k1_uint128 := Tstruct _secp256k1_uint128 noattr.
Lemma iter_sepcon_wand_in B f (x : B) l (Hl : In x l) : iter_sepcon f l = (f x * (f x -* iter_sepcon f l))%logic.B : Type f : B -> mpred x : B l : list B Hl : In x l
iter_sepcon f l =
(f x * (f x -* iter_sepcon f l))%logic
Proof .B : Type f : B -> mpred x : B l : list B Hl : In x l
iter_sepcon f l =
(f x * (f x -* iter_sepcon f l))%logic
apply pred_ext;[|apply wand_frame_elim].B : Type f : B -> mpred x : B l : list B Hl : In x l
iter_sepcon f l |-- f x * (f x -* iter_sepcon f l)
apply In_Permutation_cons in Hl.B : Type f : B -> mpred x : B l : list B Hl : exists l' : list B, Permutation l (x :: l')
iter_sepcon f l |-- f x * (f x -* iter_sepcon f l)
destruct Hl as [l' Hl'].B : Type f : B -> mpred x : B l, l' : list B Hl' : Permutation l (x :: l')
iter_sepcon f l |-- f x * (f x -* iter_sepcon f l)
rewrite (iter_sepcon_permutation _ Hl').B : Type f : B -> mpred x : B l, l' : list B Hl' : Permutation l (x :: l')
iter_sepcon f (x :: l')
|-- f x * (f x -* iter_sepcon f (x :: l'))
simpl .B : Type f : B -> mpred x : B l, l' : list B Hl' : Permutation l (x :: l')
f x * iter_sepcon f l'
|-- f x * (f x -* f x * iter_sepcon f l')
entailer!. B : Type f : B -> mpred x : B l, l' : list B Hl' : Permutation l (x :: l')
iter_sepcon f l' |-- f x -* f x * iter_sepcon f l'
apply wand_frame_intro.
Qed .
(* (secp256k1_uint128_at sh x p) says that the structure pointed to by p
* is equivalent to x modulo 2^128.
*)
Definition secp256k1_uint128_at sh x :=
data_at sh
t_secp256k1_uint128 (Vlong (Int64.repr x), Vlong (Int64.repr (Z.shiftr x 64 ))).
Module secp256k1_uint128 .
Record args :=
{ share : Share.t
; z : Z
; ptr : val
}.
Definition at_args (x : args) : mpred :=
secp256k1_uint128_at (share x) (z x) (ptr x).
End secp256k1_uint128 .
Definition secp256k1_umulh_spec : ident * funspec :=
DECLARE _secp256k1_umulh
WITH a : Z, b : Z
PRE [ tulong, tulong ]
PROP(0 <= a < Int64.modulus;
0 <= b < Int64.modulus)
PARAMS(Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP()
POST [ tulong ]
PROP()
RETURN(Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
SEP().
Definition secp256k1_mulh_spec : ident * funspec :=
DECLARE _secp256k1_mulh
WITH a : Z, b : Z
PRE [ tlong, tlong ]
PROP(Int64.min_signed <= a <= Int64.max_signed;
Int64.min_signed <= b <= Int64.max_signed)
PARAMS(Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP()
POST [ tlong ]
PROP()
RETURN(Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
SEP().
Definition secp256k1_u128_mul_spec : ident * funspec :=
DECLARE _secp256k1_u128_mul
WITH r : val, sh : share, a : Z, b : Z
PRE [ tptr t_secp256k1_uint128, tulong, tulong ]
PROP(writable_share sh;
0 <= a < Int64.modulus;
0 <= b < Int64.modulus)
PARAMS(r; Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP(data_at_ sh t_secp256k1_uint128 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (a * b) r).
Definition secp256k1_u128_accum_mul_spec : ident * funspec :=
DECLARE _secp256k1_u128_accum_mul
WITH r : val, sh : share, r0 : Z, a : Z, b : Z
PRE [ tptr t_secp256k1_uint128, tulong, tulong ]
PROP(writable_share sh;
0 <= a < Int64.modulus;
0 <= b < Int64.modulus)
PARAMS(r; Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (r0 + a * b) r).
Definition secp256k1_u128_accum_u64_spec : ident * funspec :=
DECLARE _secp256k1_u128_accum_u64
WITH r : val, sh : share, r0 : Z, a : Z
PRE [ tptr t_secp256k1_uint128, tulong ]
PROP(writable_share sh;
0 <= a < Int64.modulus)
PARAMS(r; Vlong (Int64.repr a))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (r0 + a) r).
Definition secp256k1_u128_rshift_spec : ident * funspec :=
DECLARE _secp256k1_u128_rshift
WITH r : val, sh : share, r0 : Z, n : Z
PRE [ tptr t_secp256k1_uint128, tuint ]
PROP(writable_share sh;
0 <= r0 < Int128_modulus;
0 <= n < 128 )
PARAMS(r; Vint (Int.repr n))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (Z.shiftr r0 n) r).
Definition secp256k1_u128_to_u64_spec : ident * funspec :=
DECLARE _secp256k1_u128_to_u64
WITH r : val, sh : share, r0 : Z
PRE [ tptr t_secp256k1_uint128 ]
PROP(readable_share sh)
PARAMS(r)
SEP(secp256k1_uint128_at sh r0 r)
POST [ tulong ]
PROP()
RETURN(Vlong (Int64.repr r0))
SEP(secp256k1_uint128_at sh r0 r).
Definition secp256k1_u128_hi_u64_spec : ident * funspec :=
DECLARE _secp256k1_u128_hi_u64
WITH r : val, sh : share, r0 : Z
PRE [ tptr t_secp256k1_uint128 ]
PROP(readable_share sh)
PARAMS(r)
SEP(secp256k1_uint128_at sh r0 r)
POST [ tulong ]
PROP()
RETURN(Vlong (Int64.repr (Z.shiftr r0 64 )))
SEP(secp256k1_uint128_at sh r0 r).
Definition secp256k1_u128_from_u64_spec : ident * funspec :=
DECLARE _secp256k1_u128_from_u64
WITH r : val, sh : share, a : Z
PRE [ tptr t_secp256k1_uint128, tulong ]
PROP(writable_share sh;
0 <= a < Int64.modulus)
PARAMS(r; Vlong (Int64.repr a))
SEP(data_at_ sh t_secp256k1_uint128 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh a r).
Definition secp256k1_u128_check_bits_spec : ident * funspec :=
DECLARE _secp256k1_u128_check_bits
WITH r : val, sh : share, r0 : Z, n : Z
PRE [ tptr t_secp256k1_uint128, tuint ]
PROP(readable_share sh;
0 <= r0 < 2 ^128 ;
0 <= n < 128 )
PARAMS(r; Vint (Int.repr n))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tint ]
PROP()
RETURN(Vint (Int.repr (if r0 <? 2 ^n then 1 else 0 )))
SEP(secp256k1_uint128_at sh r0 r).
Definition secp256k1_i128_mul_spec : ident * funspec :=
DECLARE _secp256k1_i128_mul
WITH r : val, sh : share, a : Z, b : Z
PRE [ tptr t_secp256k1_uint128, tlong, tlong ]
PROP(writable_share sh;
Int64.min_signed <= a <= Int64.max_signed;
Int64.min_signed <= b <= Int64.max_signed)
PARAMS(r; Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP(data_at_ sh t_secp256k1_uint128 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (a * b) r).
Definition secp256k1_i128_accum_mul_spec : ident * funspec :=
DECLARE _secp256k1_i128_accum_mul
WITH r : val, sh : share, r0 : Z, a : Z, b : Z
PRE [ tptr t_secp256k1_uint128, tlong, tlong ]
PROP(writable_share sh;
Int64.min_signed <= a <= Int64.max_signed;
Int64.min_signed <= b <= Int64.max_signed;
Int128_min_signed <= r0 <= Int128_max_signed;
Int128_min_signed <= r0 + a * b <= Int128_max_signed)
PARAMS(r; Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (r0 + a * b) r).
Definition secp256k1_i128_dissip_mul_spec : ident * funspec :=
DECLARE _secp256k1_i128_dissip_mul
WITH r : val, sh : share, r0 : Z, a : Z, b : Z
PRE [ tptr t_secp256k1_uint128, tlong, tlong ]
PROP(writable_share sh;
Int64.min_signed <= a <= Int64.max_signed;
Int64.min_signed <= b <= Int64.max_signed;
Int128_min_signed <= r0 <= Int128_max_signed;
Int128_min_signed <= r0 - a * b <= Int128_max_signed)
PARAMS(r; Vlong (Int64.repr a); Vlong (Int64.repr b))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (r0 - a * b) r).
Definition secp256k1_i128_det_spec : ident * funspec :=
DECLARE _secp256k1_i128_det
WITH r : val, sh : share, a : Z, b : Z, c : Z, d : Z
PRE [ tptr t_secp256k1_uint128, tlong, tlong, tlong, tlong ]
PROP(writable_share sh;
Int64.min_signed <= a <= Int64.max_signed;
Int64.min_signed <= b <= Int64.max_signed;
Int64.min_signed <= c <= Int64.max_signed;
Int64.min_signed <= d <= Int64.max_signed;
Int128_min_signed <= a * d - b * c <= Int128_max_signed)
PARAMS(r; Vlong (Int64.repr a); Vlong (Int64.repr b);
Vlong (Int64.repr c); Vlong (Int64.repr d))
SEP(data_at_ sh t_secp256k1_uint128 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (a * d - b * c) r).
Definition secp256k1_i128_rshift_spec : ident * funspec :=
DECLARE _secp256k1_i128_rshift
WITH r : val, sh : share, r0 : Z, n : Z
PRE [ tptr t_secp256k1_uint128, tuint ]
PROP(writable_share sh;
Int128_min_signed <= r0 <= Int128_max_signed;
0 <= n < 128 )
PARAMS(r; Vint (Int.repr n))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh (Z.shiftr r0 n) r).
Definition secp256k1_i128_to_i64_spec : ident * funspec :=
DECLARE _secp256k1_i128_to_i64
WITH r : val, sh : share, r0 : Z
PRE [ tptr t_secp256k1_uint128 ]
PROP(readable_share sh;
Int64.min_signed <= r0 <= Int64.max_signed)
PARAMS(r)
SEP(secp256k1_uint128_at sh r0 r)
POST [ tlong ]
PROP()
RETURN(Vlong (Int64.repr r0))
SEP(secp256k1_uint128_at sh r0 r).
Definition secp256k1_i128_from_i64_spec : ident * funspec :=
DECLARE _secp256k1_i128_from_i64
WITH r : val, sh : share, a : Z
PRE [ tptr t_secp256k1_uint128, tlong ]
PROP(writable_share sh;
Int64.min_signed <= a <= Int64.max_signed)
PARAMS(r; Vlong (Int64.repr a))
SEP(data_at_ sh t_secp256k1_uint128 r)
POST [ tvoid ]
PROP()
RETURN()
SEP(secp256k1_uint128_at sh a r).
Definition secp256k1_i128_eq_var_spec : ident * funspec :=
DECLARE _secp256k1_i128_eq_var
WITH ptrs : list secp256k1_uint128.args,
r : secp256k1_uint128.args,
s : secp256k1_uint128.args
PRE [ tptr t_secp256k1_uint128, tptr t_secp256k1_uint128 ]
PROP(In r ptrs;
In s ptrs;
readable_share (secp256k1_uint128.share r);
readable_share (secp256k1_uint128.share s))
PARAMS(secp256k1_uint128.ptr r; secp256k1_uint128.ptr s)
SEP(iter_sepcon secp256k1_uint128.at_args ptrs)
POST [ tint ]
PROP()
RETURN(Vint (Int.repr (if secp256k1_uint128.z r mod 2 ^128 =? secp256k1_uint128.z s mod 2 ^128 then 1 else 0 )))
SEP(iter_sepcon secp256k1_uint128.at_args ptrs).
(*
Definition secp256k1_i128_eq_var_spec : ident * funspec :=
DECLARE _secp256k1_i128_eq_var
WITH r : val, shr : share, r0 : Z,
s : val, shs : share, s0 : Z
PRE [ tptr t_secp256k1_uint128, tptr t_secp256k1_uint128 ]
PROP(readable_share shr;
readable_share shs)
PARAMS(r; s)
SEP(secp256k1_uint128_at shr r0 r;
secp256k1_uint128_at shs s0 s)
POST [ tint ]
PROP()
RETURN(Vint (Int.repr (if r0 mod 2^128 =? s0 mod 2^128 then 1 else 0)))
SEP(secp256k1_uint128_at shr r0 r
;secp256k1_uint128_at shs s0 s).
*)
Definition secp256k1_i128_check_bit_spec : ident * funspec :=
DECLARE _secp256k1_i128_check_bit
WITH r : val, sh : share, r0 : Z, n : Z
PRE [ tptr t_secp256k1_uint128, tuint ]
PROP(readable_share sh;
0 <= n < 127 )
PARAMS(r; Vint (Int.repr n))
SEP(secp256k1_uint128_at sh r0 r)
POST [ tint ]
PROP()
RETURN(Vint (Int.repr (if r0 mod 2 ^128 =? 2 ^n then 1 else 0 )))
SEP(secp256k1_uint128_at sh r0 r).
Definition Gprog := ltac :(with_library prog
[secp256k1_umulh_spec
;secp256k1_mulh_spec
;secp256k1_u128_mul_spec
;secp256k1_u128_accum_mul_spec
;secp256k1_u128_accum_u64_spec
;secp256k1_u128_rshift_spec
;secp256k1_u128_to_u64_spec
;secp256k1_u128_hi_u64_spec
;secp256k1_u128_from_u64_spec
;secp256k1_u128_check_bits_spec
;secp256k1_i128_mul_spec
;secp256k1_i128_accum_mul_spec
;secp256k1_i128_dissip_mul_spec
;secp256k1_i128_det_spec
;secp256k1_i128_rshift_spec
;secp256k1_i128_to_i64_spec
;secp256k1_i128_from_i64_spec
;secp256k1_i128_eq_var_spec
;secp256k1_i128_check_bit_spec
]).
Lemma body_secp256k1_umulh : semax_body Vprog Gprog f_secp256k1_umulh secp256k1_umulh_spec.semax_body Vprog Gprog f_secp256k1_umulh
secp256k1_umulh_spec
Proof .semax_body Vprog Gprog f_secp256k1_umulh
secp256k1_umulh_spec
start_function. Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
repeat forward.Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
emp
|-- !! (Vlong
(Int64.add
(Int64.add
(Int64.mul
(Int64.shru (Int64.repr a)
(Int64.repr 32 ))
(Int64.shru (Int64.repr b)
(Int64.repr 32 )))
(Int64.shru
(Int64.mul
(Int64.shru (Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned (Int.repr b))))
(Int64.repr 32 )))
(Int64.shru
(Int64.add
(Int64.add
(Int64.mul
(Int64.repr
(Int.unsigned (Int.repr a)))
(Int64.shru (Int64.repr b)
(Int64.repr 32 )))
(Int64.shru
(Int64.repr
(Int.unsigned (Int.repr a) *
Int.unsigned (Int.repr b)))
(Int64.repr 32 )))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.mul
(Int64.shru
(Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned
(Int.repr b)))))))))
(Int64.repr 32 ))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Ha : 0 <= a <= Int64.max_unsigned) by
(unfold Int64.max_unsigned; lia ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.add
(Int64.add
(Int64.mul
(Int64.shru (Int64.repr a)
(Int64.repr 32 ))
(Int64.shru (Int64.repr b)
(Int64.repr 32 )))
(Int64.shru
(Int64.mul
(Int64.shru (Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned (Int.repr b))))
(Int64.repr 32 )))
(Int64.shru
(Int64.add
(Int64.add
(Int64.mul
(Int64.repr
(Int.unsigned (Int.repr a)))
(Int64.shru (Int64.repr b)
(Int64.repr 32 )))
(Int64.shru
(Int64.repr
(Int.unsigned (Int.repr a) *
Int.unsigned (Int.repr b)))
(Int64.repr 32 )))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.mul
(Int64.shru
(Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned
(Int.repr b)))))))))
(Int64.repr 32 ))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Hb : 0 <= b <= Int64.max_unsigned) by
(unfold Int64.max_unsigned; lia ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.add
(Int64.add
(Int64.mul
(Int64.shru (Int64.repr a)
(Int64.repr 32 ))
(Int64.shru (Int64.repr b)
(Int64.repr 32 )))
(Int64.shru
(Int64.mul
(Int64.shru (Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned (Int.repr b))))
(Int64.repr 32 )))
(Int64.shru
(Int64.add
(Int64.add
(Int64.mul
(Int64.repr
(Int.unsigned (Int.repr a)))
(Int64.shru (Int64.repr b)
(Int64.repr 32 )))
(Int64.shru
(Int64.repr
(Int.unsigned (Int.repr a) *
Int.unsigned (Int.repr b)))
(Int64.repr 32 )))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.mul
(Int64.shru
(Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned
(Int.repr b)))))))))
(Int64.repr 32 ))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite !Int64.shru_div_two_p, !mul64_repr, !add64_repr.Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.repr
(Int64.unsigned (Int64.repr a) /
two_p (Int64.unsigned (Int64.repr 32 )) *
(Int64.unsigned (Int64.repr b) /
two_p (Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(Int64.unsigned (Int64.repr a) /
two_p
(Int64.unsigned (Int64.repr 32 )) *
Int.unsigned (Int.repr b))) /
two_p (Int64.unsigned (Int64.repr 32 )) +
Int64.unsigned
(Int64.repr
(Int.unsigned (Int.repr a) *
(Int64.unsigned (Int64.repr b) /
two_p
(Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(Int.unsigned (Int.repr a) *
Int.unsigned (Int.repr b))) /
two_p
(Int64.unsigned (Int64.repr 32 )) +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(Int64.unsigned
(Int64.repr a) /
two_p
(Int64.unsigned ...) *
Int.unsigned
(Int.repr b))))))) /
two_p (Int64.unsigned (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite (Int64.unsigned_repr a), (Int64.unsigned_repr b) by assumption .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.repr
(a /
two_p (Int64.unsigned (Int64.repr 32 )) *
(b /
two_p (Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(a /
two_p
(Int64.unsigned (Int64.repr 32 )) *
Int.unsigned (Int.repr b))) /
two_p (Int64.unsigned (Int64.repr 32 )) +
Int64.unsigned
(Int64.repr
(Int.unsigned (Int.repr a) *
(b /
two_p
(Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(Int.unsigned (Int.repr a) *
Int.unsigned (Int.repr b))) /
two_p
(Int64.unsigned (Int64.repr 32 )) +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a /
two_p
(Int64.unsigned ...) *
Int.unsigned
(Int.repr b))))))) /
two_p (Int64.unsigned (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite (Int.unsigned_repr_eq a), (Int.unsigned_repr_eq b).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.repr
(a /
two_p (Int64.unsigned (Int64.repr 32 )) *
(b /
two_p (Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(a /
two_p
(Int64.unsigned (Int64.repr 32 )) *
(b mod Int.modulus))) /
two_p (Int64.unsigned (Int64.repr 32 )) +
Int64.unsigned
(Int64.repr
(a mod Int.modulus *
(b /
two_p
(Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(a mod Int.modulus *
(b mod Int.modulus))) /
two_p
(Int64.unsigned (Int64.repr 32 )) +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a /
two_p
(Int64.unsigned ...) *
(b mod Int.modulus))))))) /
two_p (Int64.unsigned (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
change (Int.modulus) with (2 ^32 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.repr
(a /
two_p (Int64.unsigned (Int64.repr 32 )) *
(b /
two_p (Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(a /
two_p
(Int64.unsigned (Int64.repr 32 )) *
(b mod 2 ^ 32 ))) /
two_p (Int64.unsigned (Int64.repr 32 )) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b /
two_p
(Int64.unsigned (Int64.repr 32 ))) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) /
two_p
(Int64.unsigned (Int64.repr 32 )) +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a /
two_p
(Int64.unsigned ...) *
(b mod 2 ^ 32 ))))))) /
two_p (Int64.unsigned (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
change (two_p (Int64.unsigned (Int64.repr 32 ))) with (2 ^32 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHa : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
change (Int64.modulus) with (2 ^64 ) in *.Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Hadiv : 0 <= a / 2 ^ 32 < 2 ^32 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
0 <= a / 2 ^ 32 < 2 ^ 32
split ;[apply Z.div_pos; auto with *|].Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsigned
a / 2 ^ 32 < 2 ^ 32
apply Z.div_lt_upper_bound;[|change (2 ^32 *2 ^32 ) with (2 ^64 )]; lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Hbdiv : 0 <= b / 2 ^ 32 < 2 ^32 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32
0 <= b / 2 ^ 32 < 2 ^ 32
split ;[apply Z.div_pos; auto with *|].Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32
b / 2 ^ 32 < 2 ^ 32
apply Z.div_lt_upper_bound;[|change (2 ^32 *2 ^32 ) with (2 ^64 )]; lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Hmul64ext : forall x y c d , 0 <= x < 2 ^32 -> 0 <= y < 2 ^32 ->
0 <= c < 2 ^32 -> 0 <= d < 2 ^32 ->
0 <= x * y + c + d <= 2 ^64 - 1 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32
forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 -> 0 <= x * y + c + d <= 2 ^ 64 - 1
intros x y c d Hx Hy Hc Hd.Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 x, y, c, d : Z Hx : 0 <= x < 2 ^ 32 Hy : 0 <= y < 2 ^ 32 Hc : 0 <= c < 2 ^ 32 Hd : 0 <= d < 2 ^ 32
0 <= x * y + c + d <= 2 ^ 64 - 1
split ;[lia |].Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 x, y, c, d : Z Hx : 0 <= x < 2 ^ 32 Hy : 0 <= y < 2 ^ 32 Hc : 0 <= c < 2 ^ 32 Hd : 0 <= d < 2 ^ 32
x * y + c + d <= 2 ^ 64 - 1
change (2 ^64 - 1 ) with ((2 ^32 - 1 )*(2 ^32 - 1 ) + (2 ^32 - 1 ) + (2 ^32 - 1 )).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 x, y, c, d : Z Hx : 0 <= x < 2 ^ 32 Hy : 0 <= y < 2 ^ 32 Hc : 0 <= c < 2 ^ 32 Hd : 0 <= d < 2 ^ 32
x * y + c + d <=
(2 ^ 32 - 1 ) * (2 ^ 32 - 1 ) + (2 ^ 32 - 1 ) +
(2 ^ 32 - 1 )
repeat apply Z.add_le_mono; try lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 x, y, c, d : Z Hx : 0 <= x < 2 ^ 32 Hy : 0 <= y < 2 ^ 32 Hc : 0 <= c < 2 ^ 32 Hd : 0 <= d < 2 ^ 32
x * y <= (2 ^ 32 - 1 ) * (2 ^ 32 - 1 )
eapply Z.le_trans;[apply Z.mul_le_mono_nonneg_l|apply Z.mul_le_mono_nonneg_r]; lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Hmul64 : forall x y , 0 <= x < 2 ^32 -> 0 <= y < 2 ^32 -> 0 <= x * y <= 2 ^64 - 1 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1
forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1
intros x y Hx Hy.Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 x, y : Z Hx : 0 <= x < 2 ^ 32 Hy : 0 <= y < 2 ^ 32
0 <= x * y <= 2 ^ 64 - 1
replace (x * y) with (x * y + 0 + 0 ) by ring .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 x, y : Z Hx : 0 <= x < 2 ^ 32 Hy : 0 <= y < 2 ^ 32
0 <= x * y + 0 + 0 <= 2 ^ 64 - 1
apply Hmul64ext; auto ; lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
assert (Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 < 2 ^ 32 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1
0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 < 2 ^ 32
assert (Hamod := Z.mod_bound_pos a (2 ^32 )).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Hamod : 0 <= a ->
0 < 2 ^ 32 -> 0 <= a mod 2 ^ 32 < 2 ^ 32
0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 < 2 ^ 32
assert (Hbmod := Z.mod_bound_pos b (2 ^32 )).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Hamod : 0 <= a ->
0 < 2 ^ 32 -> 0 <= a mod 2 ^ 32 < 2 ^ 32 Hbmod : 0 <= b ->
0 < 2 ^ 32 -> 0 <= b mod 2 ^ 32 < 2 ^ 32
0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 < 2 ^ 32
split ;[apply Z.div_pos; try apply Z.mul_nonneg_nonneg; auto with *|].Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Hamod : 0 <= a ->
0 < 2 ^ 32 -> 0 <= a mod 2 ^ 32 < 2 ^ 32 Hbmod : 0 <= b ->
0 < 2 ^ 32 -> 0 <= b mod 2 ^ 32 < 2 ^ 32
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 < 2 ^ 32
apply Z.div_lt_upper_bound;[lia |change (2 ^32 *2 ^32 ) with (2 ^64 )].Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Hamod : 0 <= a ->
0 < 2 ^ 32 -> 0 <= a mod 2 ^ 32 < 2 ^ 32 Hbmod : 0 <= b ->
0 < 2 ^ 32 -> 0 <= b mod 2 ^ 32 < 2 ^ 32
a mod 2 ^ 32 * (b mod 2 ^ 32 ) < 2 ^ 64
cut (a mod 2 ^ 32 * (b mod 2 ^ 32 ) <= 2 ^ 64 - 1 );[lia |].Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Hamod : 0 <= a ->
0 < 2 ^ 32 -> 0 <= a mod 2 ^ 32 < 2 ^ 32 Hbmod : 0 <= b ->
0 < 2 ^ 32 -> 0 <= b mod 2 ^ 32 < 2 ^ 32
a mod 2 ^ 32 * (b mod 2 ^ 32 ) <= 2 ^ 64 - 1
apply Hmul64; lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ))) / 2 ^ 32 +
Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite (Int64.unsigned_repr (a mod 2 ^32 * _)), Int64.unsigned_repr by
(apply Hmul64; try apply Z.mod_pos_bound; auto with *).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
Int.unsigned
(Int.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite <- Z.div_add_l, Z.mul_add_distr_r by lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 *
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
Int.unsigned
(Int.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))))) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite Int.unsigned_repr_eq; change Int.modulus with (2 ^32 ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 *
2 ^ 32 +
Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 ))) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite Int64.unsigned_repr by
(apply Hmul64ext; try apply Z.mod_pos_bound;auto ;lia ).Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 *
2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite <- Z.div_add_l, <- (Z.mul_assoc (a mod 2 ^32 )), <- Z.mul_add_distr_l,
(Z.mul_comm (b / 2 ^32 )), <- Z_div_mod_eq by lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 *
2 ^ 32 +
(a mod 2 ^ 32 * b / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
replace (a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 * 2 ^ 32 +
(a mod 2 ^ 32 * b / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 ))
with (a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
(2 ^ 32 * (a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 ) +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 ) + a mod 2 ^ 32 * b / 2 ^ 32 )
by ring .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
(2 ^ 32 *
(a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 ) +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 ) +
a mod 2 ^ 32 * b / 2 ^ 32 ) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite <- Z_div_mod_eq by lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) +
a mod 2 ^ 32 * b / 2 ^ 32 ) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
replace (a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) + a mod 2 ^ 32 * b / 2 ^ 32 )
with (a / 2 ^ 32 * (2 ^ 32 * (b / 2 ^ 32 ) + b mod 2 ^ 32 ) + a mod 2 ^ 32 * b / 2 ^ 32 )
by ring .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 *
(2 ^ 32 * (b / 2 ^ 32 ) + b mod 2 ^ 32 ) +
a mod 2 ^ 32 * b / 2 ^ 32 ) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite <- Z_div_mod_eq, <- Z.div_add_l by lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((a / 2 ^ 32 * b * 2 ^ 32 +
a mod 2 ^ 32 * b) / 2 ^ 32 / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
replace (a / 2 ^ 32 * b * 2 ^ 32 + a mod 2 ^ 32 * b)
with ((2 ^ 32 * (a / 2 ^ 32 ) + a mod 2 ^ 32 ) * b)
by ring .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr
((2 ^ 32 * (a / 2 ^ 32 ) + a mod 2 ^ 32 ) *
b / 2 ^ 32 / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite <- Z_div_mod_eq, <- !Z.shiftr_div_pow2, Z.shiftr_shiftr by lia .Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : 0 <= a < 2 ^ 64 H0 : 0 <= b < 2 ^ 64 Ha : 0 <= a <= Int64.max_unsignedHb : 0 <= b <= Int64.max_unsignedHadiv : 0 <= a / 2 ^ 32 < 2 ^ 32 Hbdiv : 0 <= b / 2 ^ 32 < 2 ^ 32 Hmul64ext : forall x y c d : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 ->
0 <= c < 2 ^ 32 ->
0 <= d < 2 ^ 32 ->
0 <= x * y + c + d <= 2 ^ 64 - 1 Hmul64 : forall x y : Z,
0 <= x < 2 ^ 32 ->
0 <= y < 2 ^ 32 -> 0 <= x * y <= 2 ^ 64 - 1 Habdiv : 0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <
2 ^ 32
emp
|-- !! (Vlong
(Int64.repr (Z.shiftr (a * b) (32 + 32 ))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
entailer!.
Qed .
Lemma body_secp256k1_mulh : semax_body Vprog Gprog f_secp256k1_mulh secp256k1_mulh_spec.semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
Proof .semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
assert (Hmul64_tight : forall x y , -2 ^31 <= x <= 2 ^31 - 1 -> -2 ^31 <= y <= 2 ^31 -1 -> -2 ^62 +2 ^31 <= x * y <= 2 ^62 ).forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62
intros x y Hx Hy.x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62
change (-2 ^62 + 2 ^31 ) with (-(2 ^31 * (2 ^31 - 1 ))).x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y <= 2 ^ 62
destruct (Z.neg_nonneg_cases y).x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : y < 0
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y <= 2 ^ 62
change (2 ^62 ) with ((-2 ^31 ) * (-2 ^31 )).x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : y < 0
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y <=
- 2 ^ 31 * - 2 ^ 31
split .x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : y < 0
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y
rewrite Z.mul_comm, <- Z.mul_opp_r.x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : y < 0
(2 ^ 31 - 1 ) * - 2 ^ 31 <= x * y
transitivity ((2 ^ 31 - 1 ) * y);[apply Z.mul_le_mono_nonneg_l|apply Z.mul_le_mono_nonpos_r];lia .x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : y < 0
x * y <= - 2 ^ 31 * - 2 ^ 31
transitivity ((-2 ^ 31 ) * y);[apply Z.mul_le_mono_nonpos_r|];try lia .x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : 0 <= y
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y <= 2 ^ 62
change (2 ^62 ) with (2 ^31 * 2 ^31 ).x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : 0 <= y
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y <= 2 ^ 31 * 2 ^ 31
split .x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : 0 <= y
- (2 ^ 31 * (2 ^ 31 - 1 )) <= x * y
rewrite <- Z.mul_opp_l.x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : 0 <= y
- 2 ^ 31 * (2 ^ 31 - 1 ) <= x * y
transitivity ((-2 ^ 31 ) * y);[apply Z.mul_le_mono_nonpos_l|apply Z.mul_le_mono_nonneg_r];lia .x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : - 2 ^ 31 <= y <= 2 ^ 31 - 1 H : 0 <= y
x * y <= 2 ^ 31 * 2 ^ 31
transitivity ((2 ^ 31 ) * y);[apply Z.mul_le_mono_nonneg_r|];try lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62
semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
assert (Hmul64 : forall x y , -2 ^31 <= x <= 2 ^31 - 1 -> 0 <= y < 2 ^32 -> -2 ^63 <= x * y <= 2 ^63 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62
forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 -> - 2 ^ 63 <= x * y <= 2 ^ 63 - 1
intros x y Hx Hy.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : 0 <= y < 2 ^ 32
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
change (2 ^63 ) with (2 ^31 * 2 ^32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : 0 <= y < 2 ^ 32
- (2 ^ 31 * 2 ^ 32 ) <= x * y <= 2 ^ 31 * 2 ^ 32 - 1
split .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : 0 <= y < 2 ^ 32
- (2 ^ 31 * 2 ^ 32 ) <= x * y
rewrite <- Z.mul_opp_l.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : 0 <= y < 2 ^ 32
- 2 ^ 31 * 2 ^ 32 <= x * y
transitivity (-2 ^31 * y);[|apply Z.mul_le_mono_nonneg_r];lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : 0 <= y < 2 ^ 32
x * y <= 2 ^ 31 * 2 ^ 32 - 1
transitivity ((2 ^31 - 1 )*(2 ^32 ));[|lia ].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 x, y : Z Hx : - 2 ^ 31 <= x <= 2 ^ 31 - 1 Hy : 0 <= y < 2 ^ 32
x * y <= (2 ^ 31 - 1 ) * 2 ^ 32
transitivity ((2 ^31 - 1 ) * y);[apply Z.mul_le_mono_nonneg_r|];lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
assert (Hdiv32bound : forall x , Int64.min_signed <= x <= Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <= Int.max_signed).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <= Int.max_signed
change Int64.min_signed with (-2 ^63 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
forall x : Z,
- 2 ^ 63 <= x <= Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <= Int.max_signed
change Int64.max_signed with (2 ^63 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <= Int.max_signed
change Int.min_signed with (-2 ^31 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
- 2 ^ 31 <= x / 2 ^ 32 <= Int.max_signed
change Int.max_signed with (2 ^31 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1
forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
- 2 ^ 31 <= x / 2 ^ 32 <= 2 ^ 31 - 1
intros x Hx.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hx : - 2 ^ 63 <= x <= 2 ^ 63 - 1
- 2 ^ 31 <= x / 2 ^ 32 <= 2 ^ 31 - 1
split ;[apply Z.div_le_lower_bound;lia |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hx : - 2 ^ 63 <= x <= 2 ^ 63 - 1
x / 2 ^ 32 <= 2 ^ 31 - 1
cut (x / 2 ^32 < 2 ^31 );[lia |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hx : - 2 ^ 63 <= x <= 2 ^ 63 - 1
x / 2 ^ 32 < 2 ^ 31
apply Z.div_lt_upper_bound; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signed
semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
assert (Hmod32 : forall x ,
Int.unsigned (Int.repr (Int64.unsigned (Int64.repr x))) = x mod 2 ^32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signed
forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32
intros x.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedx : Z
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32
rewrite Int64.unsigned_repr_eq, Int.unsigned_repr_eq.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedx : Z
(x mod Int64.modulus) mod Int.modulus = x mod 2 ^ 32
rewrite <- Zmod_div_mod; try reflexivity .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedx : Z
(Int.modulus | Int64.modulus)
exists (2 ^32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedx : Z
Int64.modulus = 2 ^ 32 * Int.modulus
reflexivity .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32
semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
assert (Hdiv32 : forall x , Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed (Int64.shr (Int64.repr x) (Int64.repr 32 )) = x / 2 ^32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32
forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32
intros x Hx.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 x : Z Hx : Int64.min_signed <= x <= Int64.max_signed
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32
rewrite Int64.shr_div_two_p, two_p_correct, (Int64.signed_repr x) by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 x : Z Hx : Int64.min_signed <= x <= Int64.max_signed
Int64.signed
(Int64.repr (x / 2 ^ Int64.unsigned (Int64.repr 32 ))) =
x / 2 ^ 32
apply Int64.signed_repr.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 x : Z Hx : Int64.min_signed <= x <= Int64.max_signed
Int64.min_signed <= x / 2 ^ 32 <= Int64.max_signed
specialize (Hdiv32bound x Hx).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hdiv32bound : Int.min_signed <= x / 2 ^ 32 <=
Int.max_signed Hmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hx : Int64.min_signed <= x <= Int64.max_signed
Int64.min_signed <= x / 2 ^ 32 <= Int64.max_signed
change Int64.min_signed with (-2 ^63 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hdiv32bound : Int.min_signed <= x / 2 ^ 32 <=
Int.max_signed Hmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hx : Int64.min_signed <= x <= Int64.max_signed
- 2 ^ 63 <= x / 2 ^ 32 <= Int64.max_signed
change Int64.max_signed with (2 ^63 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hdiv32bound : Int.min_signed <= x / 2 ^ 32 <=
Int.max_signed Hmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hx : Int64.min_signed <= x <= Int64.max_signed
- 2 ^ 63 <= x / 2 ^ 32 <= 2 ^ 63 - 1
change Int.min_signed with (-2 ^31 ) in *.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hdiv32bound : - 2 ^ 31 <= x / 2 ^ 32 <= Int.max_signed Hmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hx : Int64.min_signed <= x <= Int64.max_signed
- 2 ^ 63 <= x / 2 ^ 32 <= 2 ^ 63 - 1
change Int.max_signed with (2 ^31 - 1 ) in *.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 x : Z Hdiv32bound : - 2 ^ 31 <= x / 2 ^ 32 <= 2 ^ 31 - 1 Hmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hx : Int64.min_signed <= x <= Int64.max_signed
- 2 ^ 63 <= x / 2 ^ 32 <= 2 ^ 63 - 1
lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32
semax_body Vprog Gprog f_secp256k1_mulh
secp256k1_mulh_spec
start_function. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
assert (Hmod32a : 0 <= a mod 2 ^32 < 2 ^32 ) by (apply Z.mod_pos_bound;lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
assert (Hmod32b : 0 <= b mod 2 ^32 < 2 ^32 ) by (apply Z.mod_pos_bound;lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
assert (Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32
- 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1
split ;
change Int64.min_signed with (-2 ^63 ) in *;
change Int64.max_signed with (2 ^63 -1 ) in *.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32
- 2 ^ 31 <= a / 2 ^ 32
apply Z.div_le_lower_bound; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32
a / 2 ^ 32 <= 2 ^ 31 - 1
cut (a / 2 ^32 < 2 ^31 );[lia |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32
a / 2 ^ 32 < 2 ^ 31
apply Z.div_lt_upper_bound; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
assert (Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1
- 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1
split ;
change Int64.min_signed with (-2 ^63 ) in *;
change Int64.max_signed with (2 ^63 -1 ) in *.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1
- 2 ^ 31 <= b / 2 ^ 32
apply Z.div_le_lower_bound; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1
b / 2 ^ 32 <= 2 ^ 31 - 1
cut (b / 2 ^32 < 2 ^31 );[lia |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1
b / 2 ^ 32 < 2 ^ 31
apply Z.div_lt_upper_bound; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
assert (Hab32 : Int64.min_signed <= a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1
Int64.min_signed <= a / 2 ^ 32 * (b / 2 ^ 32 ) <=
Int64.max_signed
change Int64.min_signed with (-2 ^63 ) in *;
change Int64.max_signed with (2 ^63 -1 ) in *.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1
- 2 ^ 63 <= a / 2 ^ 32 * (b / 2 ^ 32 ) <= 2 ^ 63 - 1
cut (-2 ^62 +2 ^31 <= a / 2 ^ 32 * (b / 2 ^ 32 ) <= 2 ^62 );[lia |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
- 2 ^ 63 <= x <= 2 ^ 63 - 1 ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : - 2 ^ 63 <= a <= 2 ^ 63 - 1 H0 : - 2 ^ 63 <= b <= 2 ^ 63 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1
- 2 ^ 62 + 2 ^ 31 <= a / 2 ^ 32 * (b / 2 ^ 32 ) <=
2 ^ 62
apply Hmul64_tight; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t1 = ((tulong) (tuint) _a * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
forward. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t1
(Vlong
(Int64.mul
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr a)))))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr b)))))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t2 = (_a >> (32 ) * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
rewrite !Hmod32, Int64.mul_signed, !Int64.signed_repr by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t1
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t2 = (_a >> (32 ) * (tuint) _b);
MORE_COMMANDS) POSTCONDITION
forward. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t1
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ()
|-- tc_expr Delta (_a >> (32 ) * (tuint) _b)%expr
entailer!. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
Int64.min_signed <=
Int64.signed
(Int64.shr (Int64.repr a) (Int64.repr 32 )) *
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr b))) <=
Int64.max_signed
rewrite Hmod32, Hdiv32 by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
Int64.min_signed <= a / 2 ^ 32 * (b mod 2 ^ 32 ) <=
Int64.max_signed
apply Hmul64;[apply Hdiv32bound|apply Z.mod_pos_bound]; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t2
(Vlong
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr
(Int.unsigned (Int.repr 32 ))))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr b)))))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t3 = ((tuint) _a * _b >> (32 ));
MORE_COMMANDS) POSTCONDITION
change (Int.unsigned (Int.repr 32 )) with 32 .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t2
(Vlong
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr b)))))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t3 = ((tuint) _a * _b >> (32 ));
MORE_COMMANDS) POSTCONDITION
rewrite !Int64.mul_signed, Hmod32, Hdiv32 by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t2
(Vlong
(Int64.repr
(a / 2 ^ 32 *
Int64.signed
(Int64.repr (b mod 2 ^ 32 )))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t3 = ((tuint) _a * _b >> (32 ));
MORE_COMMANDS) POSTCONDITION
rewrite !Int64.signed_repr by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t2
(Vlong
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t3 = ((tuint) _a * _b >> (32 ));
MORE_COMMANDS) POSTCONDITION
forward. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t2
(Vlong
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong (Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ()
|-- tc_expr Delta ((tuint) _a * _b >> (32 ))%expr
entailer!. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
Int64.min_signed <=
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr a))) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr (Int.unsigned (Int.repr 32 )))) <=
Int64.max_signed
rewrite Hmod32, Hdiv32, Z.mul_comm by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
Int64.min_signed <= b / 2 ^ 32 * (a mod 2 ^ 32 ) <=
Int64.max_signed
apply Hmul64;[apply Hdiv32bound|apply Z.mod_pos_bound]; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t3
(Vlong
(Int64.mul
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr a)))))
(Int64.shr (Int64.repr b)
(Int64.repr
(Int.unsigned (Int.repr 32 ))))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t4 = (_t1 >> (32 ) + (tuint) _t2 + (tuint) _t3);
MORE_COMMANDS) POSTCONDITION
change (Int.unsigned (Int.repr 32 )) with 32 .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t3
(Vlong
(Int64.mul
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr a)))))
(Int64.shr (Int64.repr b)
(Int64.repr 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t4 = (_t1 >> (32 ) + (tuint) _t2 + (tuint) _t3);
MORE_COMMANDS) POSTCONDITION
rewrite !Int64.mul_signed, Hmod32, Hdiv32 by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t3
(Vlong
(Int64.repr
(Int64.signed
(Int64.repr (a mod 2 ^ 32 )) *
(b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t4 = (_t1 >> (32 ) + (tuint) _t2 + (tuint) _t3);
MORE_COMMANDS) POSTCONDITION
rewrite !Int64.signed_repr by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t3
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(_t4 = (_t1 >> (32 ) + (tuint) _t2 + (tuint) _t3);
MORE_COMMANDS) POSTCONDITION
forward. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.add
(Int64.add
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 )))
(Int64.repr
(Int.unsigned (Int.repr 32 ))))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b / 2 ^ 32 )))))))));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
change (Int.unsigned (Int.repr 32 )) with 32 .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.add
(Int64.add
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 )))
(Int64.repr 32 ))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 ))))))))
(Int64.repr
(Int.unsigned
(Int.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b / 2 ^ 32 )))))))));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
rewrite !Hmod32.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.add
(Int64.add
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 )))
(Int64.repr 32 ))
(Int64.repr
((a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 )))
(Int64.repr
((a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 ))));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
rewrite Int64.shru_div_two_p, two_p_correct, !add64_repr.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ Int64.unsigned (Int64.repr 32 ) +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
change (Int64.unsigned (Int64.repr 32 )) with 32 .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ))) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
rewrite Int64.unsigned_repr by
(change Int64.max_unsigned with (2 ^64 -1 );
cut (0 <= a mod 2 ^ 32 * (b mod 2 ^ 32 ) <= (2 ^32 - 1 ) * (2 ^32 + 1 ));[lia |];
split ;[auto with *|];
transitivity (a mod 2 ^32 * (2 ^32 + 1 ));[|lia ];
apply Z.mul_le_mono_nonneg_l;lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
assert (Hab2 : (- 2 ^ 62 + 2 ^ 31 ) + (- 2 ^ 31 ) <=
a / 2 ^ 32 * (b / 2 ^ 32 ) + a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
(2 ^ 62 + (2 ^31 - 1 ))).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
- 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <=
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 )
split ;apply Zplus_le_compat;
try (apply Hmul64_tight; lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
- 2 ^ 31 <= a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32
apply Z.div_le_lower_bound; try lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
2 ^ 32 * - 2 ^ 31 <= a / 2 ^ 32 * (b mod 2 ^ 32 )
apply Hmul64; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <= 2 ^ 31 - 1
apply Z.div_le_upper_bound; try lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
a / 2 ^ 32 * (b mod 2 ^ 32 ) <= 2 ^ 32 * (2 ^ 31 - 1 )
rewrite Z.mul_comm.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed
b mod 2 ^ 32 * (a / 2 ^ 32 ) <= 2 ^ 32 * (2 ^ 31 - 1 )
transitivity (b mod 2 ^ 32 * (2 ^ 31 - 1 ));
[apply Z.mul_le_mono_nonneg_l|apply Z.mul_le_mono_nonneg_r];lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <=
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 )
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
set (Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) + a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 ) in *.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 )
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
assert (Hab3 : ((- 2 ^ 62 + 2 ^ 31 ) + (- 2 ^ 31 )) + (- 2 ^ 31 ) <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
((2 ^ 62 + (2 ^31 - 1 )) + (2 ^31 - 1 ))).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 )
- 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 )
split ;apply Zplus_le_compat;
try (apply Hab2; lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 )
- 2 ^ 31 <= a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32
apply Z.div_le_lower_bound; try lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 )
2 ^ 32 * - 2 ^ 31 <= a mod 2 ^ 32 * (b / 2 ^ 32 )
rewrite (Z.mul_comm _ (_ / _)); apply Hmul64; lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 )
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <= 2 ^ 31 - 1
apply Z.div_le_upper_bound; try lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 )
a mod 2 ^ 32 * (b / 2 ^ 32 ) <= 2 ^ 32 * (2 ^ 31 - 1 )
transitivity (a mod 2 ^ 32 * (2 ^ 31 - 1 ));
[apply Z.mul_le_mono_nonneg_l|apply Z.mul_le_mono_nonneg_r];lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 )
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
assert (Hab4: 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <= 2 ^32 + 2 ^32 + 2 ^32 )
by (split ;[
repeat apply Z.add_nonneg_nonneg; try apply Z.mod_pos_bound; try apply Z.div_pos;try apply Z.mul_nonneg_nonneg; lia |];
repeat apply Zplus_le_compat; try (apply Z.lt_le_incl;apply Z.mod_pos_bound;lia );
apply Z.div_le_upper_bound;[|apply Zmult_le_compat]; lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
assert (Hab5 : 0 <= (a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3 ) by
(split ;[apply Z.div_le_lower_bound|apply Z.div_le_upper_bound];lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
semax Delta
(PROP ( )
LOCAL (temp _t4
(Vlong
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )));
temp _t3
(Vlong (Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 ))));
temp _t2
(Vlong (Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _t1
(Vlong
(Int64.repr (a mod 2 ^ 32 * (b mod 2 ^ 32 ))));
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b))) SEP ())
(return _a >> (32 ) * _b >> (32 ) + _t2 >> (32 )
+ _t3 >> (32 )
+ (tlong) (_t4 >> (32 ));) POSTCONDITION
forward; change (Z.pow_pos 2 32 ) with (2 ^32 );
fold (a / 2 ^32 ); fold (b / 2 ^32 ); fold ((a mod 2 ^ 32 * (b mod 2 ^ 32 )) / 2 ^32 ). Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )) /\
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )) <= Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )) /\
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )) <= Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.shr (Int64.repr a) (Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b) (Int64.repr 32 )) <=
Int64.max_signed)
* Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )) /\
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )) <= Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )) /\
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )) <= Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.shr (Int64.repr a) (Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b) (Int64.repr 32 )) <=
Int64.max_signed)
rewrite Hdiv32 by (rewrite Z.mul_comm; apply Hmul64;auto ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )) /\
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
Int64.signed
(Int64.shr
(Int64.repr (a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )) <= Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.shr (Int64.repr a) (Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b) (Int64.repr 32 )) <=
Int64.max_signed)
rewrite Hdiv32 by (apply Hmul64;auto ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 ))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 ))) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.mul
(Int64.shr (Int64.repr a) (Int64.repr 32 ))
(Int64.shr (Int64.repr b) (Int64.repr 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.shr (Int64.repr a) (Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b) (Int64.repr 32 )) <=
Int64.max_signed)
rewrite !Int64.mul_signed, !Int64.add_signed.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (Int64.repr a)
(Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (Int64.repr a)
(Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a / 2 ^ 32 *
(b mod 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (Int64.repr a)
(Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (Int64.repr a)
(Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (Int64.repr a)
(Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (Int64.repr a)
(Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.shr (Int64.repr a) (Int64.repr 32 )) *
Int64.signed
(Int64.shr (Int64.repr b) (Int64.repr 32 )) <=
Int64.max_signed)
rewrite !Hdiv32 by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite Hdiv32 by (rewrite Z.mul_comm; apply Hmul64;auto ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite Int64.shru_div_two_p.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) /
two_p (Int64.unsigned (Int64.repr 32 )))) /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) /
two_p (Int64.unsigned (Int64.repr 32 )))) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
change (two_p _) with (2 ^32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr (a / 2 ^ 32 * (b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite (Int64.signed_repr (_ * _)) by apply Hab32.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) /\
Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite (Int64.signed_repr ((_ * _) + _)) by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) /\
Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 /\
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
fold Hab2body.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Int64.signed
(Int64.repr
(Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) /\
Int64.signed
(Int64.repr
(Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <= Hab2body /\
Hab2body <= Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite (Int64.signed_repr (Hab2body + _)) by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <= Hab2body /\
Hab2body <= Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite Int64.unsigned_repr by
(change Int64.max_unsigned with (2 ^64 - 1 ); lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
Int64.signed
(Int64.repr
((a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 ) / 2 ^ 32 )) /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
Int64.signed
(Int64.repr
((a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 ) / 2 ^ 32 )) <=
Int64.max_signed /\
Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <= Hab2body /\
Hab2body <= Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
rewrite Int64.signed_repr by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= Int64.max_signed /\
Int64.min_signed <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
Int64.max_signed /\
Int64.min_signed <= Hab2body /\
Hab2body <= Int64.max_signed /\
Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed)
change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (- 2 ^ 63 <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 2 ^ 63 - 1 /\
- 2 ^ 63 <=
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 /\
Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 63 - 1 /\
- 2 ^ 63 <= Hab2body /\
Hab2body <= 2 ^ 63 - 1 /\
- 2 ^ 63 <= a / 2 ^ 32 * (b / 2 ^ 32 ) <=
2 ^ 63 - 1 )
entailer!.
* Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.add
(Int64.add
(Int64.add
(Int64.mul
(Int64.shr (Int64.repr a)
(Int64.repr 32 ))
(Int64.shr (Int64.repr b)
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a / 2 ^ 32 * (b mod 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 * (b / 2 ^ 32 )))
(Int64.repr 32 )))
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 ))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite !Int64.mul_signed, !Int64.add_signed.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.shr (...)
(...)) *
Int64.signed
(Int64.shr (...)
(...)))) +
Int64.signed
(Int64.shr
(Int64.repr
(a / 2 ^ 32 *
(b mod ...)))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 *
(b / 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
repeat rewrite Hdiv32 by auto .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 *
(b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.shr
(Int64.repr
(a mod 2 ^ 32 *
(b / 2 ^ 32 )))
(Int64.repr 32 )))) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite Hdiv32 by (rewrite Z.mul_comm; apply Hmul64;auto ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 *
(b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.shru
(Int64.repr
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) (Int64.repr 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite Int64.shru_div_two_p.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 *
(b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) /
two_p
(Int64.unsigned (Int64.repr 32 )))))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
change (two_p _) with (2 ^32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 *
(b / 2 ^ 32 ))) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite (Int64.signed_repr (_ * _)) by apply Hab32.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 )) +
a mod 2 ^ 32 * (b / 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite (Int64.signed_repr ((_ * _) + _)) by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
fold Hab2body.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Int64.signed
(Int64.repr
(Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) /
2 ^ 32 )) +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite (Int64.signed_repr (Hab2body + _)) by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
Int64.signed
(Int64.repr
(Int64.unsigned
(Int64.repr
(a mod 2 ^ 32 *
(b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 )) / 2 ^ 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite Int64.unsigned_repr by
(change Int64.max_unsigned with (2 ^64 - 1 ); lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
Int64.signed
(Int64.repr
((a mod 2 ^ 32 * (b mod 2 ^ 32 ) /
2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 ) / 2 ^ 32 )))) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
rewrite Int64.signed_repr by
(change Int64.min_signed with (-2 ^63 );
change Int64.max_signed with (2 ^63 - 1 );
lia ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
emp
|-- !! (Vlong
(Int64.repr
(Hab2body +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 ))
mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 ))
mod 2 ^ 32 ) / 2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
entailer!. Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
Vlong
(Int64.repr
(Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 )) =
Vlong (Int64.repr (Z.shiftr (a * b) 64 ))
do 2 f_equal .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) / 2 ^ 32 =
Z.shiftr (a * b) 64
unfold Hab2body.Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) / 2 ^ 32 =
Z.shiftr (a * b) 64
change 64 with (32 + 32 ).Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) / 2 ^ 32 =
Z.shiftr (a * b) (32 + 32 )
rewrite <- Z.shiftr_shiftr by lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) / 2 ^ 32 =
Z.shiftr (Z.shiftr (a * b) 32 ) 32
rewrite !Z.shiftr_div_pow2, <- Z.div_add_l by lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
((a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 ) * 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 )) / 2 ^ 32 =
a * b / 2 ^ 32 / 2 ^ 32
f_equal .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
(a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 ) * 2 ^ 32 +
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) =
a * b / 2 ^ 32
transitivity
((a / 2 ^ 32 * (b / 2 ^ 32 )) * 2 ^ 32 +
(2 ^ 32 * (a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 ) + (a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(2 ^ 32 * (a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 ) + (a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 ));
[ring |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
(2 ^ 32 * (a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 ) +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(2 ^ 32 * (a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 ) +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 ) =
a * b / 2 ^ 32
rewrite <- !Z_div_mod_eq by lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a mod 2 ^ 32 * (b / 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
a / 2 ^ 32 * (b mod 2 ^ 32 ) = a * b / 2 ^ 32
transitivity
(a / 2 ^ 32 * (2 ^ 32 * (b / 2 ^ 32 ) + (b mod 2 ^ 32 )) +
(a mod 2 ^ 32 * (b / 2 ^ 32 ) + a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 )
);[ring |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * (2 ^ 32 * (b / 2 ^ 32 ) + b mod 2 ^ 32 ) +
(a mod 2 ^ 32 * (b / 2 ^ 32 ) +
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 ) =
a * b / 2 ^ 32
rewrite <- Z_div_mod_eq, <- Z.div_add_l by lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * b +
(a mod 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 +
a mod 2 ^ 32 * (b mod 2 ^ 32 )) / 2 ^ 32 =
a * b / 2 ^ 32
replace (a mod 2 ^ 32 * (b / 2 ^ 32 ) * 2 ^ 32 + a mod 2 ^ 32 * (b mod 2 ^ 32 ))
with (a mod 2 ^ 32 * (2 ^ 32 * (b / 2 ^ 32 ) +(b mod 2 ^ 32 )))
by ring .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * b +
a mod 2 ^ 32 * (2 ^ 32 * (b / 2 ^ 32 ) + b mod 2 ^ 32 ) /
2 ^ 32 = a * b / 2 ^ 32
rewrite <- Z_div_mod_eq, <- Z.div_add_l by lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
(a / 2 ^ 32 * b * 2 ^ 32 + a mod 2 ^ 32 * b) / 2 ^ 32 =
a * b / 2 ^ 32
f_equal .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a / 2 ^ 32 * b * 2 ^ 32 + a mod 2 ^ 32 * b = a * b
transitivity ((2 ^ 32 * (a / 2 ^ 32 ) + a mod 2 ^ 32 ) * b);[ring |].Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
(2 ^ 32 * (a / 2 ^ 32 ) + a mod 2 ^ 32 ) * b = a * b
rewrite <- Z_div_mod_eq by lia .Hmul64_tight : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
- 2 ^ 31 <= y <= 2 ^ 31 - 1 ->
- 2 ^ 62 + 2 ^ 31 <= x * y <= 2 ^ 62 Hmul64 : forall x y : Z,
- 2 ^ 31 <= x <= 2 ^ 31 - 1 ->
0 <= y < 2 ^ 32 ->
- 2 ^ 63 <= x * y <= 2 ^ 63 - 1 Hdiv32bound : forall x : Z,
Int64.min_signed <= x <=
Int64.max_signed ->
Int.min_signed <= x / 2 ^ 32 <=
Int.max_signedHmod32 : forall x : Z,
Int.unsigned
(Int.repr (Int64.unsigned (Int64.repr x))) =
x mod 2 ^ 32 Hdiv32 : forall x : Z,
Int64.min_signed <= x <= Int64.max_signed ->
Int64.signed
(Int64.shr (Int64.repr x) (Int64.repr 32 )) =
x / 2 ^ 32 Espec : OracleKind a, b : Z Delta_specs : Maps.PTree.t funspec H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed Hmod32a : 0 <= a mod 2 ^ 32 < 2 ^ 32 Hmod32b : 0 <= b mod 2 ^ 32 < 2 ^ 32 Hdiv32a : - 2 ^ 31 <= a / 2 ^ 32 <= 2 ^ 31 - 1 Hdiv32b : - 2 ^ 31 <= b / 2 ^ 32 <= 2 ^ 31 - 1 Hab32 : Int64.min_signed <=
a / 2 ^ 32 * (b / 2 ^ 32 ) <= Int64.max_signed Hab2body := a / 2 ^ 32 * (b / 2 ^ 32 ) +
a / 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 : Z Hab2 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 <= Hab2body <=
2 ^ 62 + (2 ^ 31 - 1 ) Hab3 : - 2 ^ 62 + 2 ^ 31 + - 2 ^ 31 + - 2 ^ 31 <=
Hab2body + a mod 2 ^ 32 * (b / 2 ^ 32 ) / 2 ^ 32 <=
2 ^ 62 + (2 ^ 31 - 1 ) + (2 ^ 31 - 1 ) Hab4 : 0 <=
a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 <=
2 ^ 32 + 2 ^ 32 + 2 ^ 32 Hab5 : 0 <=
(a mod 2 ^ 32 * (b mod 2 ^ 32 ) / 2 ^ 32 +
(a / 2 ^ 32 * (b mod 2 ^ 32 )) mod 2 ^ 32 +
(a mod 2 ^ 32 * (b / 2 ^ 32 )) mod 2 ^ 32 ) /
2 ^ 32 <= 3
a * b = a * b
reflexivity .
Qed .
Lemma body_secp256k1_u128_mul_spec : semax_body Vprog Gprog f_secp256k1_u128_mul secp256k1_u128_mul_spec.semax_body Vprog Gprog f_secp256k1_u128_mul
secp256k1_u128_mul_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_mul
secp256k1_u128_mul_spec
start_function. Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at_ sh t_secp256k1_uint128 r))
((_t'1 = _secp256k1_umulh([(_a)%expr; (_b)%expr]);
(_r->_hi) = _t'1;)
MORE_COMMANDS) POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at_ sh t_secp256k1_uint128 r))
((_r->_hi) = _t'1;
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.mul (Int64.repr a) (Int64.repr b)),
Vlong (Int64.repr (Z.shiftr (a * b) 64 ))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh (a * b) r)
rewrite mul64_repr.Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (a * b)),
Vlong (Int64.repr (Z.shiftr (a * b) 64 ))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh (a * b) r)
entailer!.
Qed .
Lemma body_secp256k1_u128_accum_mul_spec : semax_body Vprog Gprog f_secp256k1_u128_accum_mul secp256k1_u128_accum_mul_spec.semax_body Vprog Gprog f_secp256k1_u128_accum_mul
secp256k1_u128_accum_mul_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_accum_mul
secp256k1_u128_accum_mul_spec
start_function. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (secp256k1_uint128_at sh r0 r))
(_lo = (_a * _b);
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_lo = (_a * _b);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _lo
(Vlong
(Int64.mul (Int64.repr a)
(Int64.repr b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'1 = _secp256k1_umulh([(_a)%expr; (_b)%expr]);
_t'3 = (_r->_hi);
_t'4 = (_r->_lo);
(_r->_hi) = (_t'3 + (_t'1 + ((~_lo) < _t'4)));)
MORE_COMMANDS) POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo
(Vlong (Int64.mul (Int64.repr a) (Int64.repr b)));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'3 = (_r->_hi);
_t'4 = (_r->_lo);
(_r->_hi) = (_t'3 + (_t'1 + ((~_lo) < _t'4)));)
MORE_COMMANDS) POSTCONDITION
do 5 forward.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo
(Vlong (Int64.mul (Int64.repr a) (Int64.repr b)));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.add (Int64.repr r0)
(Int64.mul (Int64.repr a) (Int64.repr b))),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.not
(Int64.mul (Int64.repr a)
(Int64.repr b)))
(Int64.repr r0))))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
rewrite mul64_repr, add64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.not
(Int64.repr (a * b)))
(Int64.repr r0))))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
rewrite <- (Int64.repr_unsigned (Int64.not (Int64.repr _))),
Int64.unsigned_not,
Int64.unsigned_repr_eq.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.repr
(Int64.max_unsigned -
(a * b) mod Int64.modulus))
(Int64.repr r0))))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.repr
(Int64.max_unsigned -
(a * b) mod 2 ^ 64 ))
(Int64.repr r0))))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
case_eq (Int64.ltu (Int64.repr (Int64.max_unsigned - (a * b) mod 2 ^ 64 )) (Int64.repr r0)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true ->
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true ->
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
intros Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true))))) r
|-- secp256k1_uint128_at sh (r0 + a * b) r
simpl .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.add (Int64.repr (Z.shiftr r0 64 ))
(Int64.add (Int64.repr (Z.shiftr (a * b) 64 ))
(Int64.repr (Int.signed Int.one))))) r
|-- secp256k1_uint128_at sh (r0 + a * b) r
rewrite !add64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 +
(Z.shiftr (a * b) 64 + Int.signed Int.one))))
r |-- secp256k1_uint128_at sh (r0 + a * b) r
change (Int.signed Int.one) with 1 .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 + (Z.shiftr (a * b) 64 + 1 ))))
r |-- secp256k1_uint128_at sh (r0 + a * b) r
apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 + (Z.shiftr (a * b) 64 + 1 ))))
r |-- secp256k1_uint128_at sh (r0 + a * b) r
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 + (Z.shiftr (a * b) 64 + 1 ))))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
rewrite Z.add_assoc, !Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr (r0 / 2 ^ 64 + a * b / 2 ^ 64 + 1 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
replace 1 with ((r0 mod 2 ^ 64 + (a * b) mod 2 ^64 ) / 2 ^ 64 );[|apply Z.le_antisymm].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 + a * b / 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 )))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 + a * b / 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 )))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(((r0 / 2 ^ 64 + a * b / 2 ^ 64 ) * 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 )) /
2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
replace ((r0 / 2 ^ 64 + a * b / 2 ^ 64 ) * 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ))
with ((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ) +
(2 ^ 64 * (a * b / 2 ^ 64 ) + (a * b) mod 2 ^ 64 ))
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 +
(2 ^ 64 * (a * b / 2 ^ 64 ) +
(a * b) mod 2 ^ 64 )) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
rewrite <- !Z_div_mod_eq by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
entailer!.
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 <= 1
apply Zlt_succ_le.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 <
Z.succ 1
apply Z.div_lt_upper_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64 * Z.succ 1
change (2 ^64 * _) with (2 ^64 + 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64 + 2 ^ 64
assert (Hmod := fun x => (proj2 (Z.mod_pos_bound x (2 ^64 ) (refl_equal _)))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true))))) Hmod : forall x : Z, x mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64 + 2 ^ 64
apply Z.add_lt_mono; auto .
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
1 <= (r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64
apply Z.div_le_lower_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
2 ^ 64 * 1 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
change (2 ^64 *1 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
2 ^ 64 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
apply Z.le_sub_le_add_r.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
2 ^ 64 - (a * b) mod 2 ^ 64 <= r0 mod 2 ^ 64
unfold Int64.max_unsigned in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.modulus - 1 - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
2 ^ 64 - (a * b) mod 2 ^ 64 <= r0 mod 2 ^ 64
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hlt;
[change Int64.modulus with (2 ^64 ) in Hlt;lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.modulus - 1 - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
0 <= Int64.modulus - 1 - (a * b) mod 2 ^ 64 <=
Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 -1 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.modulus - 1 - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
0 <= Int64.modulus - 1 - (a * b) mod 2 ^ 64 <=
2 ^ 64 - 1
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.modulus - 1 - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
0 <= 2 ^ 64 - 1 - (a * b) mod 2 ^ 64 <= 2 ^ 64 - 1
cut (0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHlt : Int64.unsigned
(Int64.repr
(Int64.modulus - 1 - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool true)))))
0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
apply Z.mod_pos_bound; lia .
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulus
Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false ->
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
intros Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'2 (Vlong (Int64.repr r0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'1 (Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(r0 + a * b) r)
entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false))))) r
|-- secp256k1_uint128_at sh (r0 + a * b) r
simpl .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.add (Int64.repr (Z.shiftr r0 64 ))
(Int64.add (Int64.repr (Z.shiftr (a * b) 64 ))
(Int64.repr (Int.signed Int.zero))))) r
|-- secp256k1_uint128_at sh (r0 + a * b) r
rewrite !add64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 +
(Z.shiftr (a * b) 64 + Int.signed Int.zero))))
r |-- secp256k1_uint128_at sh (r0 + a * b) r
change (Int.signed Int.zero) with 0 .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 + (Z.shiftr (a * b) 64 + 0 ))))
r |-- secp256k1_uint128_at sh (r0 + a * b) r
apply ltu_false_inv64 in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 + (Z.shiftr (a * b) 64 + 0 ))))
r |-- secp256k1_uint128_at sh (r0 + a * b) r
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr r0 64 + (Z.shiftr (a * b) 64 + 0 ))))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
rewrite Z.add_assoc, !Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr (r0 / 2 ^ 64 + a * b / 2 ^ 64 + 0 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
replace 0 with ((r0 mod 2 ^ 64 + (a * b) mod 2 ^64 ) / 2 ^ 64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 + a * b / 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 )))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 + a * b / 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 )))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(((r0 / 2 ^ 64 + a * b / 2 ^ 64 ) * 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 )) /
2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
replace ((r0 / 2 ^ 64 + a * b / 2 ^ 64 ) * 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ))
with ((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ) +
(2 ^ 64 * (a * b / 2 ^ 64 ) + (a * b) mod 2 ^ 64 ))
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 +
(2 ^ 64 * (a * b / 2 ^ 64 ) +
(a * b) mod 2 ^ 64 )) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
rewrite <- !Z_div_mod_eq by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
entailer!.
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 0
apply Z.div_small.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64
split .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
+ Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
assert (Hmod := fun x => (proj1 (Z.mod_pos_bound x (2 ^64 ) (refl_equal _)))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false))))) Hmod : forall x : Z, 0 <= x mod 2 ^ 64
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
apply Z.add_nonneg_nonneg;auto .
+ Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hnlt;
[unfold Int64.max_unsigned in Hnlt;
change (Int64.modulus) with (2 ^64 ) in Hnlt;
lia
|].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
0 <= Int64.max_unsigned - (a * b) mod 2 ^ 64 <=
Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
0 <= 2 ^ 64 - 1 - (a * b) mod 2 ^ 64 <= 2 ^ 64 - 1
cut (0 <= (a * b) mod 2 ^ 64 < 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= a < Int64.modulusH0 : 0 <= b < Int64.modulusHnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0) PNr : is_pointer_or_null r H1 : field_compatible t_secp256k1_uint128 [] r H2 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer sem_cast_pointer
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool false)))))
0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
apply Z.mod_pos_bound; lia .
Qed .
Lemma body_secp256k1_u128_accum_u64 : semax_body Vprog Gprog f_secp256k1_u128_accum_u64 secp256k1_u128_accum_u64_spec.semax_body Vprog Gprog f_secp256k1_u128_accum_u64
secp256k1_u128_accum_u64_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_accum_u64
secp256k1_u128_accum_u64_spec
start_function. Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (secp256k1_uint128_at sh r0 r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_hi) = (_t'2 + (_t'3 > (~_a)));)
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_hi) = (_t'2 + (_t'3 > (~_a)));)
MORE_COMMANDS) POSTCONDITION
do 5 forward.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.add (Int64.repr r0) (Int64.repr a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(Val.of_bool
(Int64.ltu (Int64.not (Int64.repr a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh (r0 + a) r)
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.add (Int64.repr r0) (Int64.repr a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (Z.shiftr r0 64 )))
(Val.of_bool
(Int64.ltu (Int64.not (Int64.repr a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(Z.shiftr (r0 + a) 64 ))) r)
rewrite add64_repr, !Z.shiftr_div_pow2 by discriminate .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool
(Int64.ltu (Int64.not (Int64.repr a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((r0 + a) / 2 ^ 64 ))) r)
assert (Heq : (r0 + a) / 2 ^64 = r0 / 2 ^64 + (r0 mod 2 ^64 + a) / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
(r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64
rewrite (Z.div_mod r0 (2 ^64 )) at 1 by discriminate .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
(2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64
rewrite Z.mul_comm, <- Z.add_assoc.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
(r0 / 2 ^ 64 * 2 ^ 64 + (r0 mod 2 ^ 64 + a)) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64
apply Z.div_add_l.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
2 ^ 64 <> 0
discriminate .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool
(Int64.ltu (Int64.not (Int64.repr a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((r0 + a) / 2 ^ 64 ))) r)
rewrite Heq.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool
(Int64.ltu (Int64.not (Int64.repr a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
assert (H0' : 0 <= a <= Int64.max_unsigned) by
(unfold Int64.max_unsigned; lia ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool
(Int64.ltu (Int64.not (Int64.repr a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
rewrite <- (Int64.repr_unsigned (Int64.not (Int64.repr a))),
Int64.unsigned_not,
Int64.unsigned_repr by assumption .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool
(Int64.ltu
(Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
case_eq (Int64.ltu (Int64.repr (Int64.max_unsigned - a)) (Int64.repr r0)).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsigned
Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = true ->
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool true))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
* Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsigned
Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = true ->
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool true))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
intros Hlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = true
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool true))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
simpl (data_at _ _ _ _).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = true
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) (Int64.repr (Int.signed Int.one))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0
mod Z.pow_pos 2 64 +
a) (Z.pow_pos 2 64 ) in
q)))) r)
change (Int.signed Int.one) with 1 .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = true
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) (Int64.repr 1 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0
mod Z.pow_pos 2 64 +
a) (Z.pow_pos 2 64 ) in
q)))) r)
change (Z.pow_pos 2 64 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = true
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q)) (Int64.repr 1 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q)) (Int64.repr 1 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
rewrite add64_repr.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in
q) + 1 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong (Int64.repr (r0 / 2 ^ 64 + 1 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
fold ((r0 mod 2 ^ 64 + a) / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong (Int64.repr (r0 / 2 ^ 64 + 1 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
replace ((r0 mod 2 ^ 64 + a) / 2 ^ 64 ) with 1 ;[entailer!|].Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
1 = (r0 mod 2 ^ 64 + a) / 2 ^ 64
apply Z.le_antisymm.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
1 <= (r0 mod 2 ^ 64 + a) / 2 ^ 64
- Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
1 <= (r0 mod 2 ^ 64 + a) / 2 ^ 64
apply Z.div_le_lower_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
2 ^ 64 * 1 <= r0 mod 2 ^ 64 + a
change (2 ^64 *1 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
2 ^ 64 <= r0 mod 2 ^ 64 + a
apply Z.le_sub_le_add_r.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
2 ^ 64 - a <= r0 mod 2 ^ 64
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hlt by lia .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.max_unsigned - a < r0 mod Int64.modulus
2 ^ 64 - a <= r0 mod 2 ^ 64
unfold Int64.max_unsigned in Hlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.modulus - 1 - a < r0 mod Int64.modulus
2 ^ 64 - a <= r0 mod 2 ^ 64
change (Int64.modulus) with (2 ^64 ) in Hlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : 2 ^ 64 - 1 - a < r0 mod 2 ^ 64
2 ^ 64 - a <= r0 mod 2 ^ 64
lia .
- Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
(r0 mod 2 ^ 64 + a) / 2 ^ 64 <= 1
apply Zlt_succ_le.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
(r0 mod 2 ^ 64 + a) / 2 ^ 64 < Z.succ 1
apply Z.div_lt_upper_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
r0 mod 2 ^ 64 + a < 2 ^ 64 * Z.succ 1
change (2 ^64 * _) with (2 ^64 + 2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
r0 mod 2 ^ 64 + a < 2 ^ 64 + 2 ^ 64
change (2 ^64 ) with (Int64.modulus).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
r0 mod Int64.modulus + a <
Int64.modulus + Int64.modulus
apply Z.add_lt_mono;[|lia ].Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0)
r0 mod Int64.modulus < Int64.modulus
assert (Hmod := Z.mod_pos_bound r0 Int64.modulus).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) <
Int64.unsigned (Int64.repr r0) Hmod : 0 < Int64.modulus ->
0 <= r0 mod Int64.modulus < Int64.modulus
r0 mod Int64.modulus < Int64.modulus
lia .
* Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsigned
Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = false ->
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool false))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
intros Hnlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = false
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer (sem_cast_i2l Signed)
(Vlong (Int64.repr (r0 / 2 ^ 64 )))
(Val.of_bool false))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
simpl (data_at _ _ _ _).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = false
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) (Int64.repr (Int.signed Int.zero))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0
mod Z.pow_pos 2 64 +
a) (Z.pow_pos 2 64 ) in
q)))) r)
change (Int.signed Int.zero) with 0 .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = false
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) (Int64.repr 0 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0
mod Z.pow_pos 2 64 +
a) (Z.pow_pos 2 64 ) in
q)))) r)
change (Z.pow_pos 2 64 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.ltu (Int64.repr (Int64.max_unsigned - a))
(Int64.repr r0) = false
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q)) (Int64.repr 0 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
apply ltu_false_inv64 in Hnlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q)) (Int64.repr 0 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
rewrite add64_repr.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in
q) + 0 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong (Int64.repr (r0 / 2 ^ 64 + 0 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 + a)
(2 ^ 64 ) in
q)))) r)
fold ((r0 mod 2 ^ 64 + a) / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong (Int64.repr (r0 / 2 ^ 64 + 0 ))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 +
(r0 mod 2 ^ 64 + a) /
2 ^ 64 ))) r)
replace ((r0 mod 2 ^ 64 + a) / 2 ^ 64 ) with 0 ;[entailer!|].Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
0 = (r0 mod 2 ^ 64 + a) / 2 ^ 64
symmetry ; apply Z.div_small.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
0 <= r0 mod 2 ^ 64 + a < 2 ^ 64
split .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
0 <= r0 mod 2 ^ 64 + a
- Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
0 <= r0 mod 2 ^ 64 + a
apply Z.add_nonneg_nonneg;[|tauto ].Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
0 <= r0 mod 2 ^ 64
assert (Hmod := Z.mod_pos_bound r0 (2 ^64 )).Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0) Hmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
0 <= r0 mod 2 ^ 64
lia .
- Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.unsigned
(Int64.repr (Int64.max_unsigned - a)) >=
Int64.unsigned (Int64.repr r0)
r0 mod 2 ^ 64 + a < 2 ^ 64
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hnlt by lia .Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.max_unsigned - a >= r0 mod Int64.modulus
r0 mod 2 ^ 64 + a < 2 ^ 64
unfold Int64.max_unsigned in Hnlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : Int64.modulus - 1 - a >= r0 mod Int64.modulus
r0 mod 2 ^ 64 + a < 2 ^ 64
change (Int64.modulus) with (2 ^64 ) in Hnlt.Espec : OracleKind r : val sh : share r0, a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusHeq : (r0 + a) / 2 ^ 64 =
r0 / 2 ^ 64 + (r0 mod 2 ^ 64 + a) / 2 ^ 64 H0' : 0 <= a <= Int64.max_unsignedHnlt : 2 ^ 64 - 1 - a >= r0 mod 2 ^ 64
r0 mod 2 ^ 64 + a < 2 ^ 64
lia .
Qed .
Lemma body_secp256k1_u128_rshift : semax_body Vprog Gprog f_secp256k1_u128_rshift secp256k1_u128_rshift_spec.semax_body Vprog Gprog f_secp256k1_u128_rshift
secp256k1_u128_rshift_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_rshift
secp256k1_u128_rshift_spec
start_function. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(for (;
;
break;) {
if (!(_n < (128 ))) {
for (;
;
break;) {
((_t'5 = _stderr;
_fprintf
([(_t'5)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((47 ))%expr;
(___stringlit_1)%expr]);)
_abort([]);)
}
}
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : typed_true tint
(eval_unop Onotbool tint
(Val.of_bool
(Int.ltu (Int.repr n) (Int.repr 128 ))))
False
case_eq (Int.ltu (Int.repr n) (Int.repr 128 ));intros Hn;rewrite Hn in *;
apply typed_true_of_bool in H1; try discriminate .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : negb (negb (Int.eq Int.zero Int.zero)) = true Hn : Int.ltu (Int.repr n) (Int.repr 128 ) = false
False
apply ltu_false_inv in Hn.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : negb (negb (Int.eq Int.zero Int.zero)) = true Hn : Int.unsigned (Int.repr n) >=
Int.unsigned (Int.repr 128 )
False
rewrite !Int.unsigned_repr in Hn by (change Int.max_unsigned with (2 ^32 - 1 ); lia ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : negb (negb (Int.eq Int.zero Int.zero)) = true Hn : n >= 128
False
lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(if (_n >= (64 )) {
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
(_r->_hi) = (0 );)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = _t'1 >> _n;)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(Z.shiftr r0 n) r) *
stackframe_of f_secp256k1_u128_rshift)%logic)
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
(_r->_hi) = (0 );)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = _t'1 >> _n;)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_u128_rshift)%logic)
assert (H128int: 128 <= Int.max_unsigned) by discriminate .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
(_r->_hi) = (0 );)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = _t'1 >> _n;)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_u128_rshift)%logic)
assert (H128int64: 128 <= Int64.max_unsigned) by discriminate .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
(_r->_hi) = (0 );)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = _t'1 >> _n;)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_u128_rshift)%logic)
assert (Hr0: 0 <= Z.shiftr r0 64 <= Int64.max_unsigned);[split |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
0 <= Z.shiftr r0 64
1 :apply Z.shiftr_nonneg; tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
Z.shiftr r0 64 <= Int64.max_unsigned
1 :{Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
Z.shiftr r0 64 <= Int64.max_unsigned
cut (Z.shiftr r0 64 < Int64.modulus).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
Z.shiftr r0 64 < Int64.modulus ->
Z.shiftr r0 64 <= Int64.max_unsigned
1 :unfold Int64.max_unsigned;lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
Z.shiftr r0 64 < Int64.modulus
rewrite Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
r0 / 2 ^ 64 < Int64.modulus
apply Z.div_lt_upper_bound; try lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
r0 < 2 ^ 64 * Int64.modulus
rewrite Int64.modulus_power, two_p_equiv, <- Z.pow_add_r; auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsigned
r0 < 2 ^ (64 + Int64.zwordsize)
tauto .
} Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
(_r->_hi) = (0 );)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = _t'1 >> _n;)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_u128_rshift)%logic)
repeat forward_if.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
MORE_COMMANDS) POSTCONDITION
* Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'4 = (_r->_hi);
(_r->_lo) = _t'4 >> (_n - (64 ));)
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 GV := None : option globals
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- denote_tc_assert
(tc_andp (typecheck_LR Delta (*_r)%expr LLLL)
(tc_andp
(typecheck_expr Delta
((tulong) (_t'4 >> (_n - (64))))%expr)
(typecheck_efield Delta [eStructField _lo])))
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 GV := None : option globals PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
n - 64 < Int.unsigned Int64.iwordsize'
1 : apply Z.lt_sub_lt_add_r; tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.shru (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n)
(Int.repr 64 ))))),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_r->_hi) = (0 );) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.shru (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 ))))),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
unfold Int64.shru.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )))
(Int64.unsigned
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n)
(Int.repr 64 ))))))),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
assert (Hn: 0 <= n - 64 < 64 ) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )))
(Int64.unsigned
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n)
(Int.repr 64 ))))))),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
rewrite sub_repr, Int.unsigned_repr, !Int64.unsigned_repr, !Z.shiftr_shiftr by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 (64 + (n - 64 )))),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
replace (64 + (n - 64 )) with n by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
replace (Z.shiftr r0 (n + 64 )) with 0 ;[entailer!|].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
0 = Z.shiftr r0 (n + 64 )
rewrite Z.shiftr_div_pow2.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
0 = r0 / 2 ^ (n + 64 )
2 :lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
0 = r0 / 2 ^ (n + 64 )
symmetry ; apply Z.div_small;split .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
0 <= r0
1 :lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
r0 < 2 ^ (n + 64 )
eapply Z.lt_le_trans with (2 ^128 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
r0 < 2 ^ 128
1 :tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n >= 64 Hn : 0 <= n - 64 < 64
2 ^ 128 <= 2 ^ (n + 64 )
apply Z.pow_le_mono_r; lia .
* Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
assert (Hn: 0 <= 64 - n < 64 ) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
assert (H02n: 0 < 2 ^ n) by auto with zarith.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
assert (H2n: 0 <= 2 ^ n - 1 <= Int64.max_unsigned).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
0 <= 2 ^ n - 1 <= Int64.max_unsigned
{ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
0 <= 2 ^ n - 1 <= Int64.max_unsigned
cut (0 < 2 ^n <= Int64.modulus);[unfold Int64.max_unsigned;lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
0 < 2 ^ n <= Int64.modulus
split ;auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
2 ^ n <= Int64.modulus
unfold Int64.modulus.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
2 ^ n <= two_power_nat Int64.wordsize
rewrite two_power_nat_equiv.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
2 ^ n <= 2 ^ Z.of_nat Int64.wordsize
apply Z.pow_le_mono_r;[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
n <= Z.of_nat Int64.wordsize
simpl .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ n
n <= 64
lia .
} Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
assert (Hmod2n : forall x , 0 <= x mod 2 ^ n <= Int64.max_unsigned).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsigned
forall x : Z, 0 <= x mod 2 ^ n <= Int64.max_unsigned
{ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsigned
forall x : Z, 0 <= x mod 2 ^ n <= Int64.max_unsigned
intros x.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z
0 <= x mod 2 ^ n <= Int64.max_unsigned
assert (Hbound := Z.mod_pos_bound x _ H02n).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hbound : 0 <= x mod 2 ^ n < 2 ^ n
0 <= x mod 2 ^ n <= Int64.max_unsigned
lia .
} Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
assert (Hshift : forall x , 0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <= Int64.max_unsigned).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsigned
forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
{ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsigned
forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
intros x.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedx : Z
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
specialize (Hmod2n x).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
split ;[apply Z.shiftl_nonneg; tauto |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
Z.shiftl (x mod 2 ^ n) (64 - n) <= Int64.max_unsigned
rewrite Z.shiftl_mul_pow2 by tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
x mod 2 ^ n * 2 ^ (64 - n) <= Int64.max_unsigned
unfold Int64.max_unsigned.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
x mod 2 ^ n * 2 ^ (64 - n) <= Int64.modulus - 1
cut (x mod 2 ^ n * 2 ^ (64 - n) < Int64.modulus);[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
x mod 2 ^ n * 2 ^ (64 - n) < Int64.modulus
change Int64.modulus with (2 ^ 64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
x mod 2 ^ n * 2 ^ (64 - n) < 2 ^ 64
replace 64 with (n + (64 - n)) at 2 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
x mod 2 ^ n * 2 ^ (64 - n) < 2 ^ (n + (64 - n))
rewrite Zpower_exp by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsigned
x mod 2 ^ n * 2 ^ (64 - n) < 2 ^ n * 2 ^ (64 - n)
assert (Hmod := Z.mod_pos_bound x _ H02n).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedx : Z Hmod2n : 0 <= x mod 2 ^ n <= Int64.max_unsignedHmod : 0 <= x mod 2 ^ n < 2 ^ n
x mod 2 ^ n * 2 ^ (64 - n) < 2 ^ n * 2 ^ (64 - n)
apply Zmult_lt_compat_r; auto with *.
} Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
assert (Hshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <= Int64.max_unsigned).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <= Int64.max_unsigned
{ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsigned
0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <= Int64.max_unsigned
assert (Hmod := Z.mod_pos_bound r0 (2 ^64 )).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <= Int64.max_unsigned
split ;[rewrite Z.shiftr_nonneg;lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
Z.shiftr (r0 mod 2 ^ 64 ) n <= Int64.max_unsigned
unfold Int64.modulus.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
Z.shiftr (r0 mod 2 ^ 64 ) n <= Int64.max_unsigned
rewrite Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 / 2 ^ n <= Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 / 2 ^ n <= 2 ^ 64 - 1
transitivity (r0 mod 2 ^64 );[|lia ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 / 2 ^ n <= r0 mod 2 ^ 64
apply Z.div_le_upper_bound;[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 <= 2 ^ n * (r0 mod 2 ^ 64 )
rewrite <- (Z.mul_1_l (r0 mod 2 ^ 64 )) at 1 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHmod : 0 < 2 ^ 64 -> 0 <= r0 mod 2 ^ 64 < 2 ^ 64
1 * (r0 mod 2 ^ 64 ) <= 2 ^ n * (r0 mod 2 ^ 64 )
apply Z.mul_le_mono_nonneg_r;lia .
} Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement Hn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
do 3 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedGV := None : option globals
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- denote_tc_assert
(tc_andp (typecheck_LR Delta (*_r)%expr LLLL)
(tc_andp
(typecheck_expr Delta
((tulong) ((_t'2
& ((tulong) (1) << _n
- (1)))
<< ((64) - _n)
| _t'3 >> _n))%expr)
(typecheck_efield Delta [eStructField _lo])))
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedGV := None : option globals PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
n < Int.unsigned Int64.iwordsize' /\
64 - n < Int.unsigned Int64.iwordsize'
split ; eapply Z.lt_le_trans with 64 ;try tauto ; reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedMORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed
(Int.repr 1 )))
(Int64.repr
(Int.unsigned
(Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr 64 )
(Int.repr n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr 64 )
(Int.repr n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shru (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
unfold Int64.shru, Int64.shl, Int64.and , Int64.or.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Int64.unsigned
(Int64.repr ...))
(Int64.unsigned
(Int64.sub ...
...)))))
(Int64.unsigned
(Int64.repr
(Int.unsigned
(Int.sub
(Int.repr 64 )
(Int.repr n))))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0))
(Int64.unsigned
(Int64.repr
(Int.unsigned
(Int.repr n))))))))),
Vlong
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )))
(Int64.unsigned
(Int64.repr
(Int.unsigned (Int.repr n)))))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
rewrite sub_repr, sub64_repr, !Int.unsigned_repr by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Int64.unsigned
(Int64.repr ...))
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0))
(Int64.unsigned
(Int64.repr n))))))),
Vlong
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )))
(Int64.unsigned (Int64.repr n))))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
rewrite (Int64.unsigned_repr n) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Int64.unsigned
(Int64.repr ...))
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 ))) n)))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
rewrite (Int64.unsigned_repr (Z.shiftr r0 64 )) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong
(Int64.repr (Z.shiftr (Z.shiftr r0 64 ) n))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
rewrite !Z.shiftr_shiftr by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (64 + n)))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite Z.add_comm.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite Int.signed_repr by tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr 1 ) by tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(Int64.unsigned
(Int64.repr (64 - n))))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr (64 - n)) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite Z.shiftl_1_l.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Int64.unsigned
(Int64.repr ...)))))
(64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr (2 ^n - 1 )) by assumption .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(2 ^ n - 1 ))))
(64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite <- Z.shiftl_1_l.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Z.shiftl 1 n - 1 ))))
(64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
change (Z.shiftl 1 n - 1 ) with (Z.ones n).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.land
(Z.shiftr r0 64 )
(Z.ones n))))
(64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite Z.land_ones by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Int64.unsigned
(Int64.repr
(Z.shiftr r0 64
mod 2 ^ n))) (64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr (Z.shiftr r0 64 mod 2 ^ n)) by auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Int64.unsigned
(Int64.repr
(Z.shiftl
(Z.shiftr r0 64 mod 2 ^ n)
(64 - n))))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr (Z.shiftl (Z.shiftr r0 64 mod 2 ^ n) (64 - n))) by auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n)
(64 - n))
(Int64.unsigned
(Int64.repr
(Z.shiftr
(Int64.unsigned
(Int64.repr r0)) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr_eq r0).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n)
(64 - n))
(Int64.unsigned
(Int64.repr
(Z.shiftr (r0 mod Int64.modulus)
n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n)
(64 - n))
(Int64.unsigned
(Int64.repr
(Z.shiftr (r0 mod 2 ^ 64 ) n))))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
rewrite (Int64.unsigned_repr (Z.shiftr (r0 mod 2 ^ 64 ) n)) by auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n)
(64 - n))
(Z.shiftr (r0 mod 2 ^ 64 ) n))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr r0 (n + 64 )))) r)
replace (Int64.repr (Z.lor _ _)) with (Int64.repr (Z.shiftr r0 n));[entailer!|].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
Int64.repr (Z.shiftr r0 n) =
Int64.repr
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n) (64 - n))
(Z.shiftr (r0 mod 2 ^ 64 ) n))
apply Int64.eqm_samerepr.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
Int64.eqm (Z.shiftr r0 n)
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n) (64 - n))
(Z.shiftr (r0 mod 2 ^ 64 ) n))
apply Int64.eqm_same_bits.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
forall i : Z,
0 <= i < Int64.zwordsize ->
Z.testbit (Z.shiftr r0 n) i =
Z.testbit
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n) (64 - n))
(Z.shiftr (r0 mod 2 ^ 64 ) n)) i
change Int64.zwordsize with 64 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsigned
forall i : Z,
0 <= i < 64 ->
Z.testbit (Z.shiftr r0 n) i =
Z.testbit
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n) (64 - n))
(Z.shiftr (r0 mod 2 ^ 64 ) n)) i
intros i Hi.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64
Z.testbit (Z.shiftr r0 n) i =
Z.testbit
(Z.lor
(Z.shiftl (Z.shiftr r0 64 mod 2 ^ n) (64 - n))
(Z.shiftr (r0 mod 2 ^ 64 ) n)) i
rewrite Z.lor_spec, Z.shiftl_spec, !Z.shiftr_spec by tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 mod 2 ^ n) (i - (64 - n))
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
destruct (Z.neg_nonneg_cases (i - (64 - n))) as [Hneg|Hpos].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hneg : i - (64 - n) < 0
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 mod 2 ^ n) (i - (64 - n))
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hneg : i - (64 - n) < 0
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 mod 2 ^ n) (i - (64 - n))
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
rewrite (Z.testbit_neg_r _ _ Hneg).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hneg : i - (64 - n) < 0
Z.testbit r0 (i + n) =
(false || Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
rewrite Z.mod_pow2_bits_low; auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hneg : i - (64 - n) < 0
i + n < 64
lia .
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hpos : 0 <= i - (64 - n)
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 mod 2 ^ n) (i - (64 - n))
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
rewrite Z.mod_pow2_bits_low, Z.mod_pow2_bits_high, Z.shiftr_spec, orb_false_r by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hpos : 0 <= i - (64 - n)
Z.testbit r0 (i + n) =
Z.testbit r0 (i - (64 - n) + 64 )
f_equal .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 < nHn : 0 <= 64 - n < 64 H02n : 0 < 2 ^ nH2n : 0 <= 2 ^ n - 1 <= Int64.max_unsignedHmod2n : forall x : Z,
0 <= x mod 2 ^ n <= Int64.max_unsignedHshift : forall x : Z,
0 <= Z.shiftl (x mod 2 ^ n) (64 - n) <=
Int64.max_unsignedHshiftr : 0 <= Z.shiftr (r0 mod 2 ^ 64 ) n <=
Int64.max_unsignedi : Z Hi : 0 <= i < 64 Hpos : 0 <= i - (64 - n)
i + n = i - (64 - n) + 64
lia .
* Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 >= n
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(/*skip*/;) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 >= n
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- (PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_u128_rshift)%logic
replace n with 0 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 >= n
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr 0 )))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- (PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 0 )),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 0 )
64 ))) r) *
stackframe_of f_secp256k1_u128_rshift)%logic
rewrite Z.shiftr_0_r.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= r0 < Int128_modulusH0 : 0 <= n < 128 H128int : 128 <= Int.max_unsignedH128int64 : 128 <= Int64.max_unsignedHr0 : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedH1 : n < 64 H2 : 0 >= n
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr 0 )))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- (PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong
(Int64.repr (Z.shiftr r0 64 )))
r) *
stackframe_of f_secp256k1_u128_rshift)%logic
entailer!.
Qed .
Lemma body_secp256k1_u128_to_u64 : semax_body Vprog Gprog f_secp256k1_u128_to_u64 secp256k1_u128_to_u64_spec.semax_body Vprog Gprog f_secp256k1_u128_to_u64
secp256k1_u128_to_u64_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_to_u64
secp256k1_u128_to_u64_spec
start_function. Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a r)
SEP (secp256k1_uint128_at sh r0 r))
(_t'1 = (_a->_lo);
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a r)
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (_a->_lo);
MORE_COMMANDS) POSTCONDITION
do 2 forward.
Qed .
Lemma body_secp256k1_u128_hi_u64 : semax_body Vprog Gprog f_secp256k1_u128_hi_u64 secp256k1_u128_hi_u64_spec.semax_body Vprog Gprog f_secp256k1_u128_hi_u64
secp256k1_u128_hi_u64_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_hi_u64
secp256k1_u128_hi_u64_spec
start_function. Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a r)
SEP (secp256k1_uint128_at sh r0 r))
(_t'1 = (_a->_hi);
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a r)
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (_a->_hi);
MORE_COMMANDS) POSTCONDITION
do 2 forward.
Qed .
Lemma body_secp256k1_u128_from_u64 : semax_body Vprog Gprog f_secp256k1_u128_from_u64 secp256k1_u128_from_u64_spec.semax_body Vprog Gprog f_secp256k1_u128_from_u64
secp256k1_u128_from_u64_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_from_u64
secp256k1_u128_from_u64_spec
start_function. Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulusPOSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at_ sh t_secp256k1_uint128 r))
((_r->_hi) = (0 );
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh a r)
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong (Int64.repr (Int.signed (Int.repr 0 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.repr (Z.shiftr a 64 )))
r)
replace (Z.shiftr a 64 ) with 0 ;[entailer!|].Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
0 = Z.shiftr a 64
symmetry ; apply Z.shiftr_eq_0; auto with *.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : 0 <= a < Int64.modulus
Z.log2 a < 64
destruct H as [_ H].Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : a < Int64.modulus
Z.log2 a < 64
eapply Z.le_lt_trans with (Z.log2 (2 ^64 - 1 ));[apply Z.log2_le_mono|reflexivity ].Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : a < Int64.modulus
a <= 2 ^ 64 - 1
change (2 ^64 ) with Int64.modulus.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : a < Int64.modulus
a <= Int64.modulus - 1
lia .
Qed .
Lemma body_secp256k1_u128_check_bits : semax_body Vprog Gprog f_secp256k1_u128_check_bits secp256k1_u128_check_bits_spec.semax_body Vprog Gprog f_secp256k1_u128_check_bits
secp256k1_u128_check_bits_spec
Proof .semax_body Vprog Gprog f_secp256k1_u128_check_bits
secp256k1_u128_check_bits_spec
start_function. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(for (;
;
break;) {
if (!(_n < (128 ))) {
for (;
;
break;) {
((_t'5 = _stderr;
_fprintf
([(_t'5)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((71 ))%expr;
(___stringlit_1)%expr]);)
_abort([]);)
}
}
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : typed_true tint
(eval_unop Onotbool tint
(Val.of_bool
(Int.ltu (Int.repr n) (Int.repr 128 ))))
False
case_eq (Int.ltu (Int.repr n) (Int.repr 128 ));intros Hn;rewrite Hn in *;
apply typed_true_of_bool in H1; try discriminate .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : negb (negb (Int.eq Int.zero Int.zero)) = true Hn : Int.ltu (Int.repr n) (Int.repr 128 ) = false
False
apply ltu_false_inv in Hn.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : negb (negb (Int.eq Int.zero Int.zero)) = true Hn : Int.unsigned (Int.repr n) >=
Int.unsigned (Int.repr 128 )
False
rewrite !Int.unsigned_repr in Hn by (change Int.max_unsigned with (2 ^32 - 1 ); lia ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : negb (negb (Int.eq Int.zero Int.zero)) = true Hn : n >= 128
False
lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(if (_n >= (64 )) {
(_t'4 = (_r->_hi);
_t'1 = (tint) (_t'4 >> (_n - (64 )) == (0 ));)
} else {
(_t'2 = (_r->_hi);
if (_t'2 == (0 )) {
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 >> _n == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
})
}
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
(_t'4 = (_r->_hi);
_t'1 = (tint) (_t'4 >> (_n - (64 )) == (0 ));)
} else {
(_t'2 = (_r->_hi);
if (_t'2 == (0 )) {
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 >> _n == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
})
}
MORE_COMMANDS) POSTCONDITION
forward_if (PROP ( )
LOCAL (temp _t'1 (Vint (Int.repr (if r0 <? 2 ^n then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0), Vlong (Int64.repr (Z.shiftr r0 64 ))) r));
forward;[|forward_if]. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (tint) (_t'4 >> (_n - (64 )) == (0 ));)
POSTCONDITION
* Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (tint) (_t'4 >> (_n - (64 )) == (0 ));)
POSTCONDITION
forward;entailer!;[change (Int.unsigned _) with 64 ;lia |]. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.shru (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (n - 64 ))) (Int64.repr 0 ))))
rewrite Int64.shru_div_two_p.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.repr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )) /
two_p
(Int64.unsigned (Int64.repr (n - 64 )))))
(Int64.repr 0 ))))
assert (Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsigned).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
0 <= Z.shiftr r0 64 <= Int64.max_unsigned
rewrite Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
0 <= r0 / 2 ^ 64 <= Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
0 <= r0 / 2 ^ 64 <= 2 ^ 64 - 1
cut (0 <= r0 / 2 ^64 < 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
0 <= r0 / 2 ^ 64 < 2 ^ 64
split ;[apply Z.div_pos|apply Z.div_lt_upper_bound];lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsigned
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.repr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )) /
two_p
(Int64.unsigned (Int64.repr (n - 64 )))))
(Int64.repr 0 ))))
assert (Hn64 : 0 <= n - 64 <= Int64.max_unsigned).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsigned
0 <= n - 64 <= Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsigned
0 <= n - 64 <= 2 ^ 64 - 1
lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsigned
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.repr
(Int64.unsigned
(Int64.repr (Z.shiftr r0 64 )) /
two_p
(Int64.unsigned (Int64.repr (n - 64 )))))
(Int64.repr 0 ))))
rewrite !Int64.unsigned_repr, <- Zbits.Zshiftr_div_two_p by tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsigned
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.repr
(Z.shiftr (Z.shiftr r0 64 ) (n - 64 )))
(Int64.repr 0 ))))
rewrite Z.shiftr_shiftr by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsigned
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.repr (Z.shiftr r0 (64 + (n - 64 ))))
(Int64.repr 0 ))))
replace (64 + (n - 64 )) with n by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsigned
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
destruct (Zaux.Zlt_bool_spec r0 (2 ^n)).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedH5 : r0 < 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedH5 : r0 < 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
rewrite Z.shiftr_eq_0; try tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedH5 : r0 < 2 ^ n
Z.log2 r0 < n
destruct (Zle_lt_or_eq _ _ (proj1 H)) as [H'|<-];[|simpl ;lia ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedH5 : r0 < 2 ^ n H' : 0 < r0
Z.log2 r0 < n
apply Z.log2_lt_pow2;lia .
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedH5 : 2 ^ n <= r0
Vint (Int.repr 0 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
rewrite Int64.eq_false; auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedH5 : 2 ^ n <= r0
Int64.repr (Z.shiftr r0 n) <> Int64.repr 0
intros Heq; revert H5; apply Zlt_not_le.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (Z.shiftr r0 n) = Int64.repr 0
r0 < 2 ^ n
rewrite Z.shiftr_div_pow2 in Heq by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
r0 < 2 ^ n
assert (H2n : 0 < 2 ^n) by (apply Z.pow_pos_nonneg;lia ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
r0 < 2 ^ n
rewrite (Z_div_mod_eq r0 (2 ^n)) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
2 ^ n * (r0 / 2 ^ n) + r0 mod 2 ^ n < 2 ^ n
rewrite <- (Int64.unsigned_repr (r0 / 2 ^n)), Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
2 ^ n * Int64.unsigned (Int64.repr 0 ) + r0 mod 2 ^ n <
2 ^ n
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
2 ^ n * Int64.unsigned (Int64.repr 0 ) + r0 mod 2 ^ n <
2 ^ n
change (Int64.unsigned _) with 0 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
2 ^ n * 0 + r0 mod 2 ^ n < 2 ^ n
replace (_ * 0 + _) with (r0 mod 2 ^n) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
r0 mod 2 ^ n < 2 ^ n
assert (Hmod := (Z.mod_pos_bound r0 (2 ^n) H2n)).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ nHmod : 0 <= r0 mod 2 ^ n < 2 ^ n
r0 mod 2 ^ n < 2 ^ n
tauto .
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
0 <= r0 / 2 ^ n <= Int64.max_unsigned
split ;[apply Z.div_pos; lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
r0 / 2 ^ n <= Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
r0 / 2 ^ n <= 2 ^ 64 - 1
cut (r0 / 2 ^n < 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
r0 / 2 ^ n < 2 ^ 64
apply Z.div_lt_upper_bound; try lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
r0 < 2 ^ n * 2 ^ 64
eapply Z.lt_le_trans;[apply (proj2 H)|].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
2 ^ 128 <= 2 ^ n * 2 ^ 64
rewrite <- Z.pow_add_r by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n >= 64 H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong
(Int64.repr (Z.shiftr r0 64 )))
(eval_binop Osub tuint tint
(Vint (Int.repr n))
(Vint (Int.repr 64 ))))
(Vint (Int.repr 0 ))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hr0shift : 0 <= Z.shiftr r0 64 <= Int64.max_unsignedHn64 : 0 <= n - 64 <= Int64.max_unsignedHeq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 H2n : 0 < 2 ^ n
2 ^ 128 <= 2 ^ (n + 64 )
apply Z.pow_le_mono_r; lia .
* Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'2
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 >> _n == (0 ));)
MORE_COMMANDS) POSTCONDITION
do 3 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 )))))));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- PROP ( )
LOCAL (temp _t'1
(Vint
(Int.repr
(if r0 <? 2 ^ n then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.shru (Int64.repr r0) (Int64.repr n))
(Int64.repr 0 ))))
assert (H2n : 0 < 2 ^n) by (apply Z.pow_pos_nonneg;lia ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.shru (Int64.repr r0) (Int64.repr n))
(Int64.repr 0 ))))
rewrite Z.shiftr_div_pow2 in H2 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.shru (Int64.repr r0) (Int64.repr n))
(Int64.repr 0 ))))
assert (Hr0 : r0 < 2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
r0 < 2 ^ 64
rewrite (Z_div_mod_eq r0 (2 ^64 )) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 < 2 ^ 64
rewrite <- (Int64.unsigned_repr (r0 / 2 ^64 )), H2.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
2 ^ 64 * Int64.unsigned Int64.zero + r0 mod 2 ^ 64 <
2 ^ 64
change (Int64.unsigned _) with 0 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
2 ^ 64 * 0 + r0 mod 2 ^ 64 < 2 ^ 64
replace (_ * 0 + _) with (r0 mod 2 ^64 ) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
r0 mod 2 ^ 64 < 2 ^ 64
assert (Hmod := (Z.mod_pos_bound r0 (2 ^64 ) (refl_equal _))).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHmod : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 < 2 ^ 64
tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
0 <= r0 / 2 ^ 64 <= Int64.max_unsigned
split ;[apply Z.div_pos; lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
r0 / 2 ^ 64 <= Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
r0 / 2 ^ 64 <= 2 ^ 64 - 1
cut (r0 / 2 ^64 < 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ n
r0 / 2 ^ 64 < 2 ^ 64
apply Z.div_lt_upper_bound; try lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.shru (Int64.repr r0) (Int64.repr n))
(Int64.repr 0 ))))
rewrite Int64.shru_div_two_p.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq
(Int64.repr
(Int64.unsigned (Int64.repr r0) /
two_p (Int64.unsigned (Int64.repr n))))
(Int64.repr 0 ))))
rewrite !Int64.unsigned_repr, <- Zbits.Zshiftr_div_two_p by (change Int64.max_unsigned with (2 ^64 - 1 ); lia ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
destruct (Zaux.Zlt_bool_spec r0 (2 ^n)).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 H6 : r0 < 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 H6 : r0 < 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
destruct (Zle_lt_or_eq _ _ (proj1 H)) as [H'|<-];
[|rewrite Z.shiftr_0_l, Int64.eq_true; reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 H6 : r0 < 2 ^ n H' : 0 < r0
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
rewrite Z.shiftr_eq_0; try tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 H6 : r0 < 2 ^ n H' : 0 < r0
Z.log2 r0 < n
apply Z.log2_lt_pow2;lia .
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 H6 : 2 ^ n <= r0
Vint (Int.repr 0 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 n))
(Int64.repr 0 ))))
rewrite Int64.eq_false; auto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 H6 : 2 ^ n <= r0
Int64.repr (Z.shiftr r0 n) <> Int64.repr 0
intros Heq; revert H6; apply Zlt_not_le.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (Z.shiftr r0 n) = Int64.repr 0
r0 < 2 ^ n
rewrite Z.shiftr_div_pow2 in Heq by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
r0 < 2 ^ n
rewrite (Z_div_mod_eq r0 (2 ^n)) by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
2 ^ n * (r0 / 2 ^ n) + r0 mod 2 ^ n < 2 ^ n
rewrite <- (Int64.unsigned_repr (r0 / 2 ^n)), Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
2 ^ n * Int64.unsigned (Int64.repr 0 ) + r0 mod 2 ^ n <
2 ^ n
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
2 ^ n * Int64.unsigned (Int64.repr 0 ) + r0 mod 2 ^ n <
2 ^ n
change (Int64.unsigned _) with 0 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
2 ^ n * 0 + r0 mod 2 ^ n < 2 ^ n
replace (_ * 0 + _) with (r0 mod 2 ^n) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
r0 mod 2 ^ n < 2 ^ n
assert (Hmod := (Z.mod_pos_bound r0 (2 ^n) H2n)).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0 Hmod : 0 <= r0 mod 2 ^ n < 2 ^ n
r0 mod 2 ^ n < 2 ^ n
tauto .
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
0 <= r0 / 2 ^ n <= Int64.max_unsigned
split ;[apply Z.div_pos; lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
r0 / 2 ^ n <= Int64.max_unsigned
change Int64.max_unsigned with (2 ^64 - 1 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
r0 / 2 ^ n <= 2 ^ 64 - 1
cut (r0 / 2 ^n < 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (r0 / 2 ^ 64 ) = Int64.zero H3 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(eval_binop Oshr tulong tuint
(Vlong (Int64.repr r0))
(Vint (Int.repr n)))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H2n : 0 < 2 ^ nHr0 : r0 < 2 ^ 64 Heq : Int64.repr (r0 / 2 ^ n) = Int64.repr 0
r0 / 2 ^ n < 2 ^ 64
apply Z.div_lt_upper_bound; try lia .
* Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0
semax Delta
(PROP ( )
LOCAL (temp _t'2
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (tint) (0 );) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vint (Int.repr 0 ));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- PROP ( )
LOCAL (temp _t'1
(Vint
(Int.repr
(if r0 <? 2 ^ n then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr (if r0 <? 2 ^ n then 1 else 0 )) =
Vint (Int.repr 0 )
destruct (Zaux.Zlt_bool_spec r0 (2 ^n));[|reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H5 : r0 < 2 ^ n
Vint (Int.repr 1 ) = Vint (Int.repr 0 )
elim H2.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H5 : r0 < 2 ^ n
Int64.repr (Z.shiftr r0 64 ) = Int64.repr 0
f_equal .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H5 : r0 < 2 ^ n
Z.shiftr r0 64 = 0
destruct (Zle_lt_or_eq _ _ (proj1 H)) as [H'|<-];[|apply Z.shiftr_0_l].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H5 : r0 < 2 ^ n H' : 0 < r0
Z.shiftr r0 64 = 0
apply Z.shiftr_eq_0; try tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H5 : r0 < 2 ^ n H' : 0 < r0
Z.log2 r0 < 64
etransitivity ;[|apply H1].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= r0 < 2 ^ 128 H0 : 0 <= n < 128 H1 : n < 64 H2 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) H5 : r0 < 2 ^ n H' : 0 < r0
Z.log2 r0 < n
apply Z.log2_lt_pow2;lia .
Qed .
Lemma body_secp256k1_i128_mul_spec : semax_body Vprog Gprog f_secp256k1_i128_mul secp256k1_i128_mul_spec.semax_body Vprog Gprog f_secp256k1_i128_mul
secp256k1_i128_mul_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_mul
secp256k1_i128_mul_spec
start_function. Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at_ sh t_secp256k1_uint128 r))
((_t'1 = _secp256k1_mulh([(_a)%expr; (_b)%expr]);
(_r->_hi) = (tulong) _t'1;)
MORE_COMMANDS) POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at_ sh t_secp256k1_uint128 r))
((_r->_hi) = (tulong) _t'1;
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.mul (Int64.repr a) (Int64.repr b)),
Vlong (Int64.repr (Z.shiftr (a * b) 64 ))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh (a * b) r)
rewrite mul64_repr.Espec : OracleKind r : val sh : share a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (a * b)),
Vlong (Int64.repr (Z.shiftr (a * b) 64 ))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh (a * b) r)
entailer!.
Qed .
Lemma body_secp256k1_i128_accum_mul_spec : semax_body Vprog Gprog f_secp256k1_i128_accum_mul secp256k1_i128_accum_mul_spec.semax_body Vprog Gprog f_secp256k1_i128_accum_mul
secp256k1_i128_accum_mul_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_accum_mul
secp256k1_i128_accum_mul_spec
start_function. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed H2 : Int128_min_signed <= r0 + a * b <=
Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (secp256k1_uint128_at sh r0 r))
(_lo = ((tulong) _a * (tulong) _b);
MORE_COMMANDS) POSTCONDITION
set (r1 := r0 + a * b) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (secp256k1_uint128_at sh r0 r))
(_lo = ((tulong) _a * (tulong) _b);
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_lo = ((tulong) _a * (tulong) _b);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _lo
(Vlong
(Int64.mul (Int64.repr a)
(Int64.repr b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'1 = _secp256k1_mulh([(_a)%expr; (_b)%expr]);
_t'12 = (_r->_lo);
_hi = ((tulong) _t'1 + ((~_lo) < _t'12));)
MORE_COMMANDS) POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo
(Vlong (Int64.mul (Int64.repr a) (Int64.repr b)));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'12 = (_r->_lo);
_hi = ((tulong) _t'1 + ((~_lo) < _t'12));)
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(sem_binary_operation' Oadd tulong tint
(eval_cast tlong tulong
(Vlong
(Int64.repr
(Z.shiftr (a * b) 64 ))))
(eval_binop Olt tulong tulong
(eval_unop Onotint tulong
(Vlong
(Int64.mul (Int64.repr a)
(Int64.repr b))))
(Vlong (Int64.repr r0)))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo
(Vlong (Int64.mul (Int64.repr a) (Int64.repr b)));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
simpl (force_val _).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.not
(Int64.mul (Int64.repr a)
(Int64.repr b)))
(Int64.repr r0)))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo
(Vlong (Int64.mul (Int64.repr a) (Int64.repr b)));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite mul64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.not
(Int64.repr (a * b)))
(Int64.repr r0)))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite <- (Int64.repr_unsigned (Int64.not (Int64.repr _))),
Int64.unsigned_not,
Int64.unsigned_repr_eq.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.repr
(Int64.max_unsigned -
(a * b) mod Int64.modulus))
(Int64.repr r0)))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu
(Int64.repr
(Int64.max_unsigned -
(a * b) mod 2 ^ 64 ))
(Int64.repr r0)))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
replace (Val.of_bool _) with (Vint (Int.repr (if Int64.max_unsigned - (a * b) mod 2 ^ 64 <? r0 mod 2 ^64 then 1 else 0 ))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Vint
(Int.repr
(if
Int64.max_unsigned -
(a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
2 :{Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) =
Val.of_bool
(Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0))
case_eq (Int64.ltu (Int64.repr (Int64.max_unsigned - (a * b) mod 2 ^ 64 )) (Int64.repr r0)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true ->
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true ->
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
intros Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = true
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) <
Int64.unsigned (Int64.repr r0)
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
rewrite Int64.unsigned_repr in Hlt by
(assert (Hmod := Z.mod_pos_bound (a * b) (2 ^64 )); rep_lia).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned - (a * b) mod 2 ^ 64 <
Int64.unsigned (Int64.repr r0)
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
rewrite Int64.unsigned_repr_eq in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod Int64.modulus
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
apply Z.ltb_lt in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : (Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64 ) = true
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
rewrite Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : (Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64 ) = true
Vint (Int.repr 1 ) = Val.of_bool true
reflexivity .
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false ->
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
intros Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : Int64.ltu
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 ))
(Int64.repr r0) = false
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
apply ltu_false_inv64 in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : Int64.unsigned
(Int64.repr
(Int64.max_unsigned - (a * b) mod 2 ^ 64 )) >=
Int64.unsigned (Int64.repr r0)
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
rewrite Int64.unsigned_repr in Hnlt by
(assert (Hmod := Z.mod_pos_bound (a * b) (2 ^64 )); rep_lia).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : Int64.max_unsigned - (a * b) mod 2 ^ 64 >=
Int64.unsigned (Int64.repr r0)
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
rewrite Int64.unsigned_repr_eq, Z.ge_le_iff in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : r0 mod Int64.modulus <=
Int64.max_unsigned - (a * b) mod 2 ^ 64
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : r0 mod 2 ^ 64 <=
Int64.max_unsigned - (a * b) mod 2 ^ 64
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
apply Zaux.Zlt_bool_false in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : (Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64 ) = false
Vint
(Int.repr
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
rewrite Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : (Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64 ) = false
Vint (Int.repr 0 ) = Val.of_bool false
reflexivity .
} Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Vint
(Int.repr
(if
Int64.max_unsigned -
(a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
simpl (force_val _).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.add
(Int64.repr (Z.shiftr (a * b) 64 ))
(Int64.repr
(Int.signed
(Int.repr
(if
Int64.max_unsigned -
(a * b)
mod Z.pow_pos 2 64 <?
r0 mod Z.pow_pos 2 64
then 1
else 0 ))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
change (Z.pow_pos 2 64 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.add
(Int64.repr (Z.shiftr (a * b) 64 ))
(Int64.repr
(Int.signed
(Int.repr
(if
Int64.max_unsigned -
(a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 ))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite !Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.add
(Int64.repr (a * b / 2 ^ 64 ))
(Int64.repr
(Int.signed
(Int.repr
(if
Int64.max_unsigned -
(a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 ))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite add64_repr, Int.signed_repr by (destruct (Z.ltb _ _); rep_lia).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(a * b / 2 ^ 64 +
(if
Int64.max_unsigned -
(a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
(*Below is ripe for abstraction. It's been mostly copied from the unsigned version of this function. *)
replace (if _ <? _ then 1 else 0 ) with (((r0 mod 2 ^ 64 + (a * b) mod 2 ^64 ) / 2 ^ 64 )).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(a * b / 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) /
2 ^ 64 )));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
2 : {Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 =
(if
Int64.max_unsigned - (a * b) mod 2 ^ 64 <?
r0 mod 2 ^ 64
then 1
else 0 )
case (Z.ltb_spec0 _ _).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64 ->
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 1
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64 ->
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 1
intros Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 1
apply Z.lt_sub_lt_add_l in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 1
apply Z.le_antisymm.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 <= 1
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 <= 1
apply Zlt_succ_le.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 <
Z.succ 1
apply Z.div_lt_upper_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64 * Z.succ 1
change (2 ^64 * _) with (2 ^64 + 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64 + 2 ^ 64
assert (Hmod := fun x => (proj2 (Z.mod_pos_bound x (2 ^64 ) (refl_equal _)))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64 Hmod : forall x : Z, x mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64 + 2 ^ 64
apply Z.add_lt_mono; auto .
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
1 <= (r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64
apply Z.div_le_lower_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
2 ^ 64 * 1 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
change (2 ^64 *1 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
2 ^ 64 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
apply Z.le_sub_le_add_r.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.max_unsigned <
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
2 ^ 64 - (a * b) mod 2 ^ 64 <= r0 mod 2 ^ 64
change Int64.max_unsigned with (2 ^64 -1 ) in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : 2 ^ 64 - 1 < (a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
2 ^ 64 - (a * b) mod 2 ^ 64 <= r0 mod 2 ^ 64
cut (0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : 2 ^ 64 - 1 < (a * b) mod 2 ^ 64 + r0 mod 2 ^ 64
0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
apply Z.mod_pos_bound; lia .
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64 ->
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 0
intros Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) / 2 ^ 64 = 0
apply Z.div_small.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64
split .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
+ Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
assert (Hmod := fun x => (proj1 (Z.mod_pos_bound x (2 ^64 ) (refl_equal _)))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64 Hmod : forall x : Z, 0 <= x mod 2 ^ 64
0 <= r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64
apply Z.add_nonneg_nonneg;auto .
+ Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
Int64.max_unsigned - (a * b) mod 2 ^ 64 <
r0 mod 2 ^ 64
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64
change Int64.max_unsigned with (2 ^64 - 1 ) in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
2 ^ 64 - 1 - (a * b) mod 2 ^ 64 < r0 mod 2 ^ 64
r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 < 2 ^ 64
cut (0 <= (a * b) mod 2 ^ 64 < 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : ~
2 ^ 64 - 1 - (a * b) mod 2 ^ 64 < r0 mod 2 ^ 64
0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
apply Z.mod_pos_bound; lia .
} Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(a * b / 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ) /
2 ^ 64 )));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
((a * b / 2 ^ 64 * 2 ^ 64 +
(r0 mod 2 ^ 64 +
(a * b) mod 2 ^ 64 )) / 2 ^ 64 )));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
replace (a * b / 2 ^ 64 * 2 ^ 64 +
(r0 mod 2 ^ 64 + (a * b) mod 2 ^ 64 ))
with ((2 ^ 64 * (a * b / 2 ^ 64 ) + (a * b) mod 2 ^ 64 ) + r0 mod 2 ^ 64 )
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
((2 ^ 64 * (a * b / 2 ^ 64 ) +
(a * b) mod 2 ^ 64 + r0 mod 2 ^ 64 ) /
2 ^ 64 )));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
set (hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
assert (Hab_tight := mul128_tight _ _ H H0).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
assert (Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
Int64.min_signed <= hi <= Int64.max_signed
cut (Int64.min_signed <= hi < Int64.max_signed + 1 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
Int64.min_signed <= hi < Int64.max_signed + 1
unfold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
Int64.min_signed <= (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 <
Int64.max_signed + 1
assert (Hr0_bound : 0 <= r0 mod 2 ^64 < 2 ^64 ) by
(apply Z.mod_pos_bound;lia ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hr0_bound : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
Int64.min_signed <= (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 <
Int64.max_signed + 1
split ;[apply Z.div_le_lower_bound|apply Z.div_lt_upper_bound]; rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 + a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
unfold Int128_min_signed, Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
assert (Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed
cut (Int64.min_signed <= r0 / 2 ^ 64 < Int64.max_signed + 1 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
Int64.min_signed <= r0 / 2 ^ 64 < Int64.max_signed + 1
split ;[apply Z.div_le_lower_bound|apply Z.div_lt_upper_bound];rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 + _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 = (tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'11
(Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (_t'11 <= (9223372036854775807 )LL) {
_t'2 = (tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'2 = (0 );
}
MORE_COMMANDS) POSTCONDITION
forward_if (PROP ( )
LOCAL (temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi)); temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a)); temp _b (Vlong (Int64.repr b));
temp _t'2 (Vint (Int.repr (if (((r0 / 2 ^64 ) mod 2 ^64 <=? 9223372036854775807 ) && (hi mod 2 ^64 <=? 9223372036854775807 ))%bool then 1 else 0 :Z))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0), Vlong (Int64.repr (r0 / 2 ^ 64 ))) r));
try (forward; entailer!). Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = false H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
apply ltu_false_inv64 in H3; apply Z.ge_le in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
rewrite Int64.unsigned_repr_eq, Int64.unsigned_repr in H3; try rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulus <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod Int64.modulus <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
fold (r0 / 2 ^64 ) in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
rewrite (Zle_imp_le_bool _ _ H3).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
simpl (true && _)%bool.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr hi)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = true ->
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb true)
intros Hlt; apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr hi)
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb true)
rewrite Zaux.Zle_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr hi)
9223372036854775807 < hi mod Z.pow_pos 2 64
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : 9223372036854775807 < hi mod Int64.modulus
9223372036854775807 < hi mod Z.pow_pos 2 64
assumption .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = false ->
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb false)
intros Hnlt; apply ltu_false_inv64 in Hnlt; apply Z.ge_le in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : Int64.unsigned (Int64.repr hi) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb false)
rewrite Int64.unsigned_repr_eq, Int64.unsigned_repr in Hnlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : hi mod Int64.modulus <= 9223372036854775807
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb false)
rewrite Zle_imp_le_bool; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = true PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
apply ltu_inv64 in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in H3 by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulusPNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Zaux.Zle_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'11
(Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(_t'9 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (!(_t'2
<= (_t'9 + _hi <= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}
}) POSTCONDITION
forward_if;[|forward];try entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 <=?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr
9223372036854775807 )
(Int64.add
(Int64.repr
(let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q))
(Int64.repr
(let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q)))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
rewrite add64_repr in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 <=?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr
9223372036854775807 )
(Int64.repr
((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) +
(let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q)))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod
2 ^ 64 <=?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q) mod
2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr
9223372036854775807 )
(Int64.repr
((let
(q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let
(q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q)))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
revert H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ) &&
((let (q , _) :=
Z.div_eucl
(a * b + r0 mod ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let (q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
((let (q , _) :=
Z.div_eucl
(a * b + r0 mod ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(let (q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
fold ((a * b + r0 mod 2 ^ 64 ) / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) /
2 ^ 64 )))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )));
[|destruct (_ && _)%bool; discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.leb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(((a * b + r0 mod ...) / 2 ^ 64 )
mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.leb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Habr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) = true
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
apply ltu_inv64 in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
apply Zlt_not_le in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((84 ))%expr;
(___stringlit_4)%expr]);)
_abort([]);)
}) POSTCONDITION
elim Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
assert (Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^63 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
0 <= r0 / 2 ^ 64 < 2 ^ 63
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
0 <= r0 / 2 ^ 64 < 2 ^ 63
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
0 <= r0 / 2 ^ 64 < 2 ^ 63
apply Int64_low_is_nonneg;lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
assert (Habr0hi_nonneg : 0 <= hi < 2 ^63 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
0 <= hi < 2 ^ 63
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
0 <= hi < 2 ^ 63
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
0 <= hi < 2 ^ 63
apply Int64_low_is_nonneg;unfold hi; lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
rewrite !Int64.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 <=
9223372036854775807
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
(r0 / 2 ^ 64 * 2 ^ 64 + (a * b + r0 mod 2 ^ 64 )) /
2 ^ 64 <= 9223372036854775807
replace (r0 / 2 ^ 64 * 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ))
with (a * b + (2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ))
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
(a * b + (2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 )) /
2 ^ 64 <= 9223372036854775807
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
(a * b + r0) / 2 ^ 64 <= 9223372036854775807
cut ((a * b + r0) / 2 ^ 64 < 2 ^63 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
(a * b + r0) / 2 ^ 64 < 2 ^ 63
rewrite Z.add_comm.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
(r0 + a * b) / 2 ^ 64 < 2 ^ 63
fold r1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 <=
9223372036854775807 Hr1 : ~
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
r1 / 2 ^ 64 < 2 ^ 63
apply Z.div_lt_upper_bound; rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'8 = (_r->_hi);
if (_t'8 > (9223372036854775807 )LL) {
_t'3 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'3 = (0 );
})
_t'6 = (_r->_hi);
if (!(_t'3
<= (_t'6 + _hi > (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
((_t'8 = (_r->_hi);
if (_t'8 > (9223372036854775807 )LL) {
_t'3 = (tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'3 = (0 );
})
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (_t'8 > (9223372036854775807 )LL) {
_t'3 = (tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'3 = (0 );
}
MORE_COMMANDS) POSTCONDITION
forward_if (PROP ( )
LOCAL (temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi)); temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a)); temp _b (Vlong (Int64.repr b));
temp _t'3 (Vint (Int.repr (if (((r0 / 2 ^64 ) mod 2 ^64 >? 9223372036854775807 ) && (hi mod 2 ^64 >? 9223372036854775807 ))%bool then 1 else 0 :Z))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0), Vlong (Int64.repr (r0 / 2 ^ 64 ))) r));
try (forward; entailer!). Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = true H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
apply ltu_inv64 in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in H3; try rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulusH4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod Int64.modulusH4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
rewrite !Z.gtb_ltb.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
((9223372036854775807 <?
(r0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(9223372036854775807 <? hi mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
fold (r0 / 2 ^64 ) in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
((9223372036854775807 <?
(r0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(9223372036854775807 <? hi mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
rewrite (Zaux.Zlt_bool_true _ _ H3).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(true && (9223372036854775807 <? hi mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
simpl (true && _)%bool.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr hi)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = true ->
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool true
intros Hlt; apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr hi)
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool true
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : 9223372036854775807 < hi mod Int64.modulus
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool true
rewrite Zaux.Zlt_bool_true; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = false ->
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool false
intros Hnlt; apply ltu_false_inv64 in Hnlt; apply Z.ge_le in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : Int64.unsigned (Int64.repr hi) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool false
rewrite Zaux.Zlt_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : Int64.unsigned (Int64.repr hi) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
hi mod Z.pow_pos 2 64 <= 9223372036854775807
rewrite Int64.unsigned_repr_eq, Int64.unsigned_repr in Hnlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : hi mod Int64.modulus <= 9223372036854775807
hi mod Z.pow_pos 2 64 <= 9223372036854775807
assumption .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = false PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
apply ltu_false_inv64 in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned (Int64.repr 9223372036854775807 ) >=
Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in H3 by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 >=
(let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulusPNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
apply Z.ge_le in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulus <= 9223372036854775807 PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite !Z.gtb_ltb.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulus <= 9223372036854775807 PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
((9223372036854775807 <?
(r0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(9223372036854775807 <? hi mod 2 ^ 64 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Zaux.Zlt_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(_t'6 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (!(_t'3
<= (_t'6 + _hi > (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}
}) POSTCONDITION
forward_if;[|forward];try entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 >?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.add
(Int64.repr
(let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q))
(Int64.repr
(let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
rewrite add64_repr in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 >?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) +
(let
(q , _) :=
Z.div_eucl
(a * b +
r0 mod Z.pow_pos 2 64 )
(Z.pow_pos 2 64 ) in
q))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod
2 ^ 64 >?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q) mod
2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
((let
(q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) +
(let
(q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
fold (r0 / 2 ^64 ) in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
((let
(q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q) mod
2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(let
(q , _) :=
Z.div_eucl
(a * b + r0 mod 2 ^ 64 )
(2 ^ 64 ) in
q))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
fold ((a * b + r0 mod 2 ^ 64 ) / 2 ^64 ) in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(((a * b + r0 mod 2 ^ 64 ) /
2 ^ 64 ) mod
2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) /
2 ^ 64 )))))))
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
revert H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )));
[destruct (_ && _)%bool; discriminate |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.gtb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(((a * b + r0 mod ...) / 2 ^ 64 )
mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.gtb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64
9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Habr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) =
false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) = false
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
apply ltu_false_inv64 in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : Int64.unsigned (Int64.repr 9223372036854775807 ) >=
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
apply Z.ge_le in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
apply Zle_not_lt in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((85 ))%expr;
(___stringlit_5)%expr]);)
_abort([]);)
}) POSTCONDITION
elim Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
assert (Hr0hi_neg : -2 ^63 <= r0 / 2 ^ 64 < 0 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
- 2 ^ 63 <= r0 / 2 ^ 64 < 0
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
- 2 ^ 63 <= r0 / 2 ^ 64 < 0
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
- 2 ^ 63 <= r0 / 2 ^ 64 < 0
apply Int64_high_is_neg;lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
assert (Habr0hi_neg : -2 ^63 <= hi < 0 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
- 2 ^ 63 <= hi < 0
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
- 2 ^ 63 <= hi < 0
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
- 2 ^ 63 <= hi < 0
apply Int64_high_is_neg;unfold hi; lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))
fold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 + hi))
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 <
(r0 / 2 ^ 64 + hi) mod Int64.modulus
change (r0 / 2 ^ 64 + hi) with (2 ^64 mod 2 ^64 + (r0 / 2 ^ 64 + hi)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 <
(2 ^ 64 mod 2 ^ 64 + (r0 / 2 ^ 64 + hi))
mod Int64.modulus
rewrite Zplus_mod_idemp_l.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 <
(2 ^ 64 + (r0 / 2 ^ 64 + hi)) mod Int64.modulus
rewrite Z.mod_small by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 < 2 ^ 64 + (r0 / 2 ^ 64 + hi)
unfold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 <
2 ^ 64 +
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 <
2 ^ 64 +
(r0 / 2 ^ 64 * 2 ^ 64 + (a * b + r0 mod 2 ^ 64 )) /
2 ^ 64
replace (r0 / 2 ^ 64 * 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ))
with (a * b + (2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ))
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 <
2 ^ 64 +
(a * b + (2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 )) /
2 ^ 64
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 < 2 ^ 64 + (a * b + r0) / 2 ^ 64
rewrite (Z.add_comm _ r0).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 < 2 ^ 64 + (r0 + a * b) / 2 ^ 64
fold r1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
9223372036854775807 < 2 ^ 64 + r1 / 2 ^ 64
cut (-2 ^63 <= r1 / 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
- 2 ^ 63 <= r1 / 2 ^ 64
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : 9223372036854775807 <
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ) mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(r0 / 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_neg : - 2 ^ 63 <= hi < 0
- 2 ^ 63 <= r1 / 2 ^ 64
apply Z.div_le_lower_bound; rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
((_t'5 = (_r->_hi);
(_r->_hi) = (_t'5 + _hi);)
MORE_COMMANDS)
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh r1 r) *
stackframe_of f_secp256k1_i128_accum_mul)%logic)
do 4 forward.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr r0));
temp _t'5 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.add (Int64.repr r0)
(Int64.repr (a * b))),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) (Int64.repr hi))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh r1 r)
unfold secp256k1_uint128_at, r1, hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr r0));
temp _t'5 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi
(Vlong
(Int64.repr ((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.add (Int64.repr r0)
(Int64.repr (a * b))),
Vlong
(Int64.add
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q))
(Int64.repr
((a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))) r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(Z.shiftr (r0 + a * b) 64 )))
r)
entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
fold (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q) +
(a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((r0 / 2 ^ 64 * 2 ^ 64 +
(a * b + r0 mod 2 ^ 64 )) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
replace (r0 / 2 ^ 64 * 2 ^ 64 + (a * b + r0 mod 2 ^ 64 ))
with ((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ) + a * b)
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 +
a * b) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 + a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) + (a * b + r0 mod 2 ^ 64 ) / 2 ^ 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr ((r0 + a * b) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 + a * b)),
Vlong (Int64.repr (Z.shiftr (r0 + a * b) 64 ))) r
rewrite Z.shiftr_div_pow2;[entailer!|lia ].
Qed .
Lemma body_secp256k1_i128_dissip_mul_spec : semax_body Vprog Gprog f_secp256k1_i128_dissip_mul secp256k1_i128_dissip_mul_spec.semax_body Vprog Gprog f_secp256k1_i128_dissip_mul
secp256k1_i128_dissip_mul_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_dissip_mul
secp256k1_i128_dissip_mul_spec
start_function. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed H2 : Int128_min_signed <= r0 - a * b <=
Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (secp256k1_uint128_at sh r0 r))
(_lo = ((tulong) _a * (tulong) _b);
MORE_COMMANDS) POSTCONDITION
set (r1 := r0 - a * b) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (secp256k1_uint128_at sh r0 r))
(_lo = ((tulong) _a * (tulong) _b);
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_lo = ((tulong) _a * (tulong) _b);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _lo
(Vlong
(Int64.mul (Int64.repr a)
(Int64.repr b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'1 = _secp256k1_mulh([(_a)%expr; (_b)%expr]);
_t'12 = (_r->_lo);
_hi = ((tulong) _t'1 + (_t'12 < _lo));)
MORE_COMMANDS) POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo
(Vlong (Int64.mul (Int64.repr a) (Int64.repr b)));
temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'12 = (_r->_lo);
_hi = ((tulong) _t'1 + (_t'12 < _lo));)
MORE_COMMANDS) POSTCONDITION
rewrite mul64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'12 = (_r->_lo);
_hi = ((tulong) _t'1 + (_t'12 < _lo));)
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(sem_binary_operation' Oadd tulong tint
(eval_cast tlong tulong
(Vlong
(Int64.repr
(Z.shiftr (a * b) 64 ))))
(eval_binop Olt tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr (a * b))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
simpl (force_val _).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Val.of_bool
(Int64.ltu (Int64.repr r0)
(Int64.repr (a * b))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
replace (Val.of_bool _) with (Vint (Int.repr (if r0 mod 2 ^64 <? (a * b) mod 2 ^ 64 then 1 else 0 ))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Vint
(Int.repr
(if
r0 mod 2 ^ 64 <?
(a * b) mod 2 ^ 64
then 1
else 0 )))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
2 :{Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr r0) (Int64.repr (a * b)))
case_eq (Int64.ltu (Int64.repr r0) (Int64.repr (a * b))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.ltu (Int64.repr r0) (Int64.repr (a * b)) = true ->
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.ltu (Int64.repr r0) (Int64.repr (a * b)) = true ->
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
intros Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.ltu (Int64.repr r0) (Int64.repr (a * b)) =
true
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : Int64.unsigned (Int64.repr r0) <
Int64.unsigned (Int64.repr (a * b))
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
rewrite !Int64.unsigned_repr_eq in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : r0 mod Int64.modulus < (a * b) mod Int64.modulus
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
apply Z.ltb_lt in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : (r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 ) = true
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool true
rewrite Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hlt : (r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 ) = true
Vint (Int.repr 1 ) = Val.of_bool true
reflexivity .
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
Int64.ltu (Int64.repr r0) (Int64.repr (a * b)) = false ->
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
intros Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : Int64.ltu (Int64.repr r0) (Int64.repr (a * b)) =
false
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
apply ltu_false_inv64 in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : Int64.unsigned (Int64.repr r0) >=
Int64.unsigned (Int64.repr (a * b))
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
rewrite Int64.unsigned_repr_eq in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : r0 mod Int64.modulus >=
Int64.unsigned (Int64.repr (a * b))
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
rewrite Int64.unsigned_repr_eq, Z.ge_le_iff in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : (a * b) mod Int64.modulus <=
r0 mod Int64.modulus
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : (a * b) mod 2 ^ 64 <= r0 mod 2 ^ 64
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
apply Zaux.Zlt_bool_false in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : (r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 ) = false
Vint
(Int.repr
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64
then 1
else 0 )) = Val.of_bool false
rewrite Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hnlt : (r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 ) = false
Vint (Int.repr 0 ) = Val.of_bool false
reflexivity .
} Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(force_val
(both_long
(fun n1 n2 : int64 =>
Some (Vlong (Int64.add n1 n2)))
sem_cast_pointer
(sem_cast_i2l Signed)
(Vlong
(Int64.repr (Z.shiftr (a * b) 64 )))
(Vint
(Int.repr
(if
r0 mod 2 ^ 64 <?
(a * b) mod 2 ^ 64
then 1
else 0 )))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
simpl (force_val _).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.add
(Int64.repr (Z.shiftr (a * b) 64 ))
(Int64.repr
(Int.signed
(Int.repr
(if
r0 mod Z.pow_pos 2 64 <?
(a * b)
mod Z.pow_pos 2 64
then 1
else 0 ))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
change (Z.pow_pos 2 64 ) with (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.add
(Int64.repr (Z.shiftr (a * b) 64 ))
(Int64.repr
(Int.signed
(Int.repr
(if
r0 mod 2 ^ 64 <?
(a * b) mod 2 ^ 64
then 1
else 0 ))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1
(Vlong (Int64.repr (Z.shiftr (a * b) 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite !Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.add
(Int64.repr (a * b / 2 ^ 64 ))
(Int64.repr
(Int.signed
(Int.repr
(if
r0 mod 2 ^ 64 <?
(a * b) mod 2 ^ 64
then 1
else 0 ))))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite add64_repr, Int.signed_repr by (destruct (Z.ltb _ _); rep_lia).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(a * b / 2 ^ 64 +
(if
r0 mod 2 ^ 64 <?
(a * b) mod 2 ^ 64
then 1
else 0 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
replace (if _ <? _ then 1 else 0 ) with (-((r0 mod 2 ^ 64 - (a * b) mod 2 ^64 ) / 2 ^ 64 )).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(a * b / 2 ^ 64 +
-
((r0 mod 2 ^ 64 -
(a * b) mod 2 ^ 64 ) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
2 : {Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) =
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 then 1 else 0 )
assert (Hmodr0 := (Z.mod_pos_bound r0 (2 ^64 ) (refl_equal _))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) =
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 then 1 else 0 )
assert (Hmodab := (Z.mod_pos_bound (a*b) (2 ^64 ) (refl_equal _))).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) =
(if r0 mod 2 ^ 64 <? (a * b) mod 2 ^ 64 then 1 else 0 )
case (Z.ltb_spec0 _ _).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64 ->
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) = 1
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64 ->
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) = 1
intros Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) = 1
rewrite Z.eq_opp_l.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
(r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 = - (1 )
apply Z.le_antisymm.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
(r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 <= - (1 )
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
(r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 <= - (1 )
apply Zlt_succ_le.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
(r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 <
Z.succ (- (1 ))
apply Z.div_lt_upper_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 <
2 ^ 64 * Z.succ (- (1 ))
change (2 ^64 * _) with (0 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 < 0
lia .
- Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
- (1 ) <= (r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64
apply Z.div_le_lower_bound;[reflexivity |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hlt : r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
2 ^ 64 * - (1 ) <= r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64
lia .
* Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64
~ r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64 ->
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) = 0
intros Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hnlt : ~ r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
- ((r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 ) = 0
rewrite Z.eq_opp_l.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hnlt : ~ r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
(r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ) / 2 ^ 64 = - 0
apply Z.div_small.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hmodr0 : 0 <= r0 mod 2 ^ 64 < 2 ^ 64 Hmodab : 0 <= (a * b) mod 2 ^ 64 < 2 ^ 64 Hnlt : ~ r0 mod 2 ^ 64 < (a * b) mod 2 ^ 64
0 <= r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 < 2 ^ 64
lia .
} Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(a * b / 2 ^ 64 +
-
((r0 mod 2 ^ 64 -
(a * b) mod 2 ^ 64 ) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite Z.add_opp_r, <- Z.add_opp_l, <- Z.opp_sub_distr, <- Z.add_opp_l.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(-
(- (a * b / 2 ^ 64 ) +
(r0 mod 2 ^ 64 -
(a * b) mod 2 ^ 64 ) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(-
((- (a * b / 2 ^ 64 ) * 2 ^ 64 +
(r0 mod 2 ^ 64 -
(a * b) mod 2 ^ 64 )) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
replace (-(a * b / 2 ^ 64 ) * 2 ^ 64 +
(r0 mod 2 ^ 64 - (a * b) mod 2 ^ 64 ))
with (-(2 ^ 64 * (a * b / 2 ^ 64 ) + (a * b) mod 2 ^ 64 ) + r0 mod 2 ^ 64 )
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(-
((-
(2 ^ 64 * (a * b / 2 ^ 64 ) +
(a * b) mod 2 ^ 64 ) +
r0 mod 2 ^ 64 ) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
rewrite <- Z.div_mod, Z.add_opp_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi
(Vlong
(Int64.repr
(-
((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
set (hi := -((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
assert (Hab_tight := mul128_tight _ _ H H0).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
assert (Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
Int64.min_signed <= hi <= Int64.max_signed
cut (Int64.min_signed - 1 < hi <= Int64.max_signed);[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
Int64.min_signed - 1 < hi <= Int64.max_signed
unfold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126
Int64.min_signed - 1 <
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) <=
Int64.max_signed
assert (Hr0_bound : 0 <= r0 mod 2 ^64 < 2 ^64 ) by
(apply Z.mod_pos_bound;lia ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hr0_bound : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
Int64.min_signed - 1 <
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) <=
Int64.max_signed
split .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hr0_bound : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
Int64.min_signed - 1 <
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )
rewrite Z.opp_lt_mono, Z.opp_involutive.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hr0_bound : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
(r0 mod 2 ^ 64 - a * b) / 2 ^ 64 <
- (Int64.min_signed - 1 )
apply Z.div_lt_upper_bound;rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hr0_bound : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) <=
Int64.max_signed
rewrite Z.opp_le_mono, Z.opp_involutive.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hr0_bound : 0 <= r0 mod 2 ^ 64 < 2 ^ 64
- Int64.max_signed <= (r0 mod 2 ^ 64 - a * b) / 2 ^ 64
apply Z.div_le_lower_bound;rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int128_min_signed <= r0 <= Int128_max_signed r1 := r0 - a * b : Z H2 : Int128_min_signed <= r1 <= Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
unfold Int128_min_signed, Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
assert (Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed
cut (Int64.min_signed <= r0 / 2 ^ 64 < Int64.max_signed + 1 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed
Int64.min_signed <= r0 / 2 ^ 64 < Int64.max_signed + 1
split ;[apply Z.div_le_lower_bound|apply Z.div_lt_upper_bound];rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 =
(tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
_t'9 = (_r->_hi);
if (!(_t'2
<= (_t'9 - _hi
<= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
((_t'11 = (_r->_hi);
if (_t'11 <= (9223372036854775807 )LL) {
_t'2 = (tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
})
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'11
(Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (_t'11 <= (9223372036854775807 )LL) {
_t'2 = (tbool) (_hi > (9223372036854775807 )LL);
} else {
_t'2 = (0 );
}
MORE_COMMANDS) POSTCONDITION
forward_if (PROP ( )
LOCAL (temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi)); temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a)); temp _b (Vlong (Int64.repr b));
temp _t'2 (Vint (Int.repr (if (((r0 / 2 ^64 ) mod 2 ^64 <=? 9223372036854775807 ) && (hi mod 2 ^64 >? 9223372036854775807 ))%bool then 1 else 0 :Z))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0), Vlong (Int64.repr (r0 / 2 ^ 64 ))) r));
try (forward; entailer!). Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = false H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
apply ltu_false_inv64 in H3; apply Z.ge_le in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
rewrite Int64.unsigned_repr_eq, Int64.unsigned_repr in H3; try rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulus <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod Int64.modulus <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
fold (r0 / (2 ^ 64 )) in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
rewrite (Zle_imp_le_bool _ _ H3).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(true && (hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
rewrite !Z.gtb_ltb.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(true && (9223372036854775807 <? hi mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
simpl (true && _)%bool.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) =
Val.of_bool
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi))
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr hi)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = true ->
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool true
intros Hlt; apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr hi)
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool true
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : 9223372036854775807 < hi mod Int64.modulus
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool true
rewrite Zaux.Zlt_bool_true; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = false ->
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool false
intros Hnlt; apply ltu_false_inv64 in Hnlt; apply Z.ge_le in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : Int64.unsigned (Int64.repr hi) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
Vint
(Int.repr
(if 9223372036854775807 <? hi mod Z.pow_pos 2 64
then 1
else 0 )) = Val.of_bool false
rewrite Zaux.Zlt_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : Int64.unsigned (Int64.repr hi) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
hi mod Z.pow_pos 2 64 <= 9223372036854775807
rewrite Int64.unsigned_repr_eq, Int64.unsigned_repr in Hnlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ogt tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : hi mod Int64.modulus <= 9223372036854775807
hi mod Z.pow_pos 2 64 <= 9223372036854775807
assumption .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = true PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
apply ltu_inv64 in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in H3 by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulusPNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Zaux.Zle_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'11
(Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(_t'9 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (!(_t'2
<= (_t'9 - _hi <= (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}
}) POSTCONDITION
forward_if;[|forward];try entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 <=?
9223372036854775807 ) &&
(-
(let
(q , _) :=
Z.div_eucl
(r0 mod ... - a * b)
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr
9223372036854775807 )
(Int64.sub
(Int64.repr
(let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q))
(Int64.repr
(-
(let
(q , _) :=
Z.div_eucl
(r0 mod Z.pow_pos 2 64 -
a * b)
(Z.pow_pos 2 64 ) in
q))))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
revert H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Z.pow_pos 2 64 <=?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(Z.pow_pos 2 64 ) in
q) mod Z.pow_pos 2 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.sub
(Int64.repr
(let (q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q))
(Int64.repr
(-
(let (q , _) :=
Z.div_eucl
(r0 mod ... - a * b)
(Z.pow_pos 2 64 ) in
q)))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.sub
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q))
(Int64.repr
(-
(let (q , _) :=
Z.div_eucl
(r0 mod ... - a * b)
(2 ^ 64 ) in
q)))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
rewrite sub64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) -
-
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 - a * b)
(2 ^ 64 ) in
q))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 -
-
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 - a * b)
(2 ^ 64 ) in
q))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
fold ((r0 mod 2 ^ 64 - a * b) / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(-
((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )
mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 -
-
((r0 mod 2 ^ 64 - a * b) /
2 ^ 64 ))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
fold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(negb
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr
(r0 / 2 ^ 64 - hi)));
[|destruct (_ && _)%bool; discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 <=?
9223372036854775807 ) &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.leb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 >? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.gtb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807
9223372036854775807 < hi mod 2 ^ 64 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Habr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = true ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = true
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
apply ltu_inv64 in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
apply Zlt_not_le in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool (negb true))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'9 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'11 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'2
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'10 = _stderr;
_fprintf
([(_t'10)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((93 ))%expr;
(___stringlit_6)%expr]);)
_abort([]);)
}) POSTCONDITION
elim Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
assert (Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^63 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
0 <= r0 / 2 ^ 64 < 2 ^ 63
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
0 <= r0 / 2 ^ 64 < 2 ^ 63
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
0 <= r0 / 2 ^ 64 < 2 ^ 63
apply Int64_low_is_nonneg;lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
assert (Habr0hi_neg : -2 ^63 <= hi < 0 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
- 2 ^ 63 <= hi < 0
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
- 2 ^ 63 <= hi < 0
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63
- 2 ^ 63 <= hi < 0
apply Int64_high_is_neg;unfold hi in *; lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
rewrite !Int64.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
r0 / 2 ^ 64 - hi <= 9223372036854775807
unfold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
r0 / 2 ^ 64 - - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) <=
9223372036854775807
rewrite Z.sub_opp_r, <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
(r0 / 2 ^ 64 * 2 ^ 64 + (r0 mod 2 ^ 64 - a * b)) /
2 ^ 64 <= 9223372036854775807
replace (r0 / 2 ^ 64 * 2 ^ 64 + (r0 mod 2 ^ 64 - a * b))
with ((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ) - a * b)
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
(2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 - a * b) /
2 ^ 64 <= 9223372036854775807
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
(r0 - a * b) / 2 ^ 64 <= 9223372036854775807
cut ((r0 - a * b) / 2 ^ 64 < 2 ^63 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
(r0 - a * b) / 2 ^ 64 < 2 ^ 63
fold r1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 <= 9223372036854775807 Habr0 : 9223372036854775807 < hi mod 2 ^ 64 Hr1 : ~
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 ) Hr0hi_nonneg : 0 <= r0 / 2 ^ 64 < 2 ^ 63 Habr0hi_neg : - 2 ^ 63 <= hi < 0
r1 / 2 ^ 64 < 2 ^ 63
apply Z.div_lt_upper_bound; rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 POSTCONDITION := abbreviate : ret_assert hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
break;) {
((_t'8 = (_r->_hi);
if (_t'8 > (9223372036854775807 )LL) {
_t'3 =
(tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'3 = (0 );
})
_t'6 = (_r->_hi);
if (!(_t'3
<= (_t'6 - _hi > (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}
})
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
((_t'8 = (_r->_hi);
if (_t'8 > (9223372036854775807 )LL) {
_t'3 = (tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'3 = (0 );
})
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (_t'8 > (9223372036854775807 )LL) {
_t'3 = (tbool) (_hi <= (9223372036854775807 )LL);
} else {
_t'3 = (0 );
}
MORE_COMMANDS) POSTCONDITION
forward_if (PROP ( )
LOCAL (temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi)); temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a)); temp _b (Vlong (Int64.repr b));
temp _t'3 (Vint (Int.repr (if (((r0 / 2 ^64 ) mod 2 ^64 >? 9223372036854775807 ) && (hi mod 2 ^64 <=? 9223372036854775807 ))%bool then 1 else 0 :Z))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0), Vlong (Int64.repr (r0 / 2 ^ 64 ))) r));
try (forward; entailer!). Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = true H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
apply ltu_inv64 in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in H3; try rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulusH4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod Int64.modulusH4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
rewrite !Z.gtb_ltb.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 <
(let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q)
mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
((9223372036854775807 <?
(r0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
fold (r0 / 2 ^64 ) in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
((9223372036854775807 <?
(r0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
rewrite (Zaux.Zlt_bool_true _ _ H3).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
simpl (true && _)%bool.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) =
Val.of_bool
(negb
(Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi)))
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr hi)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = true ->
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb true)
intros Hlt; apply ltu_inv64 in Hlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr hi)
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb true)
rewrite Zaux.Zle_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr hi)
9223372036854775807 < hi mod Z.pow_pos 2 64
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in Hlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hlt : 9223372036854775807 < hi mod Int64.modulus
9223372036854775807 < hi mod Z.pow_pos 2 64
assumption .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr hi) = false ->
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb false)
intros Hnlt; apply ltu_false_inv64 in Hnlt; apply Z.ge_le in Hnlt.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : Int64.unsigned (Int64.repr hi) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb false)
rewrite Int64.unsigned_repr_eq, Int64.unsigned_repr in Hnlt by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 H4 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Ole tulong tulong
(Vlong (Int64.repr hi))
(Vlong
(Int64.repr 9223372036854775807 ))))) PNr : is_pointer_or_null r H5 : field_compatible t_secp256k1_uint128 [] r H6 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) Hnlt : hi mod Int64.modulus <= 9223372036854775807
Vint
(Int.repr
(if hi mod Z.pow_pos 2 64 <=? 9223372036854775807
then 1
else 0 )) = Val.of_bool (negb false)
rewrite Zle_imp_le_bool; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) = false PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
apply ltu_false_inv64 in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : Int64.unsigned (Int64.repr 9223372036854775807 ) >=
Int64.unsigned
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq in H3 by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : 9223372036854775807 >=
(let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulusPNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
apply Z.ge_le in H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulus <= 9223372036854775807 PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite !Z.gtb_ltb.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed H3 : (let (q , _) := Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Int64.modulus <= 9223372036854775807 PNr : is_pointer_or_null r H4 : field_compatible t_secp256k1_uint128 [] r H5 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 )))
Vint
(Int.repr
(if
((9223372036854775807 <?
(r0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Zaux.Zlt_bool_false; auto .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(_t'6 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(if (!(_t'3
<= (_t'6 - _hi > (9223372036854775807 )LL))) {
for (;
;
break;) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}
}) POSTCONDITION
forward_if;[|forward];try entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert H3 : typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some
(Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 >?
9223372036854775807 ) &&
(-
(let
(q , _) :=
Z.div_eucl
(r0 mod ... - a * b)
(Z.pow_pos 2 64 ) in
q) mod
Z.pow_pos 2 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.sub
(Int64.repr
(let
(q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q))
(Int64.repr
(-
(let
(q , _) :=
Z.div_eucl
(r0 mod Z.pow_pos 2 64 -
a * b)
(Z.pow_pos 2 64 ) in
q)))))))))
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
revert H3.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) mod Z.pow_pos 2 64 >?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(Z.pow_pos 2 64 ) in
q) mod Z.pow_pos 2 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.sub
(Int64.repr
(let (q , _) :=
Z.div_eucl r0
(Z.pow_pos 2 64 ) in
q))
(Int64.repr
(-
(let (q , _) :=
Z.div_eucl
(r0 mod Z.pow_pos 2 64 -
a * b) (Z.pow_pos 2 64 ) in
q))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
change (Z.pow_pos 2 64 ) with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod 2 ^ 64 >?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.sub
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q))
(Int64.repr
(-
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 - a * b)
(2 ^ 64 ) in
q))))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
rewrite sub64_repr.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) mod 2 ^ 64 >?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (2 ^ 64 ) in
q) -
-
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 - a * b)
(2 ^ 64 ) in
q)))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(-
(let (q , _) :=
Z.div_eucl (... - ...)
(2 ^ 64 ) in
q) mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 -
-
(let (q , _) :=
Z.div_eucl
(r0 mod 2 ^ 64 - a * b)
(2 ^ 64 ) in
q)))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
fold ((r0 mod 2 ^ 64 - a * b) / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(-
((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )
mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr
(r0 / 2 ^ 64 -
-
((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
fold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 )))
(Val.of_bool
(Int64.ltu
(Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi))))))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
case_eq (Int64.ltu (Int64.repr 9223372036854775807 ) (Int64.repr
(r0 / 2 ^ 64 - hi)));
[destruct (_ && _)%bool; discriminate |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(((r0 / 2 ^ 64 ) mod 2 ^ 64 >?
9223372036854775807 ) &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.gtb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert
9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=?
9223372036854775807 ))%bool
then 1
else 0 ))) (Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if
(true &&
(hi mod 2 ^ 64 <=? 9223372036854775807 ))%bool
then 1
else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
elim (Z.leb_spec _ _);[|discriminate ].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64
hi mod 2 ^ 64 <= 9223372036854775807 ->
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Habr0.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807
Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = false ->
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
intros Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : Int64.ltu (Int64.repr 9223372036854775807 )
(Int64.repr (r0 / 2 ^ 64 - hi)) = false
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
apply ltu_false_inv64 in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : Int64.unsigned (Int64.repr 9223372036854775807 ) >=
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
apply Z.ge_le in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) <=
Int64.unsigned (Int64.repr 9223372036854775807 )
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
apply Zle_not_lt in Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
typed_true tint
(eval_unop Onotbool tint
(force_val
(both_int
(fun n1 n2 : int =>
Some (Val.of_bool (negb (Int.lt n2 n1))))
(sem_cast_i2i I32 Signed)
(sem_cast_i2i I32 Signed)
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 )))
(Val.of_bool false)))) ->
semax Delta
(PROP ( )
LOCAL (temp _t'6 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _t'8 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _t'3
(Vint
(Int.repr
(if (true && true)%bool then 1 else 0 ))))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
(for (;
;
(break;)%C) {
((_t'7 = _stderr;
_fprintf
([(_t'7)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((94 ))%expr;
(___stringlit_7)%expr]);)
_abort([]);)
}) POSTCONDITION
elim Hr1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
assert (Hr0hi_neg : -2 ^63 <= r0 / 2 ^ 64 < 0 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
- 2 ^ 63 <= r0 / 2 ^ 64 < 0
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
- 2 ^ 63 <= r0 / 2 ^ 64 < 0
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
- 2 ^ 63 <= r0 / 2 ^ 64 < 0
apply Int64_high_is_neg;lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
assert (Habr0hi_nonneg : 0 <= hi < 2 ^63 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
0 <= hi < 2 ^ 63
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
0 <= hi < 2 ^ 63
unfold Int128_max_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0
0 <= hi < 2 ^ 63
apply Int64_low_is_nonneg;unfold hi in *; lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi))
rewrite Int64.unsigned_repr, Int64.unsigned_repr_eq by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 <
(r0 / 2 ^ 64 - hi) mod Int64.modulus
change (r0 / 2 ^ 64 - hi) with (2 ^64 mod 2 ^64 + (r0 / 2 ^ 64 - hi)).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 <
(2 ^ 64 mod 2 ^ 64 + (r0 / 2 ^ 64 - hi))
mod Int64.modulus
rewrite Zplus_mod_idemp_l.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 <
(2 ^ 64 + (r0 / 2 ^ 64 - hi)) mod Int64.modulus
rewrite Z.mod_small by rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 < 2 ^ 64 + (r0 / 2 ^ 64 - hi)
unfold hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 <
2 ^ 64 +
(r0 / 2 ^ 64 - - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))
rewrite Z.sub_opp_r, <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 <
2 ^ 64 +
(r0 / 2 ^ 64 * 2 ^ 64 + (r0 mod 2 ^ 64 - a * b)) /
2 ^ 64
replace (r0 / 2 ^ 64 * 2 ^ 64 + (r0 mod 2 ^ 64 - a*b))
with ((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 )- a*b)
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 <
2 ^ 64 +
(2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 - a * b) /
2 ^ 64
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 < 2 ^ 64 + (r0 - a * b) / 2 ^ 64
fold r1.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
9223372036854775807 < 2 ^ 64 + r1 / 2 ^ 64
cut (-2 ^63 <= r1 / 2 ^64 );[lia |].Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
- 2 ^ 63 <= r1 / 2 ^ 64
unfold Int128_min_signed in *.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed POSTCONDITION := abbreviate : ret_assert Hr0 : 9223372036854775807 < (r0 / 2 ^ 64 ) mod 2 ^ 64 Habr0 : hi mod 2 ^ 64 <= 9223372036854775807 Hr1 : ~
Int64.unsigned (Int64.repr 9223372036854775807 ) <
Int64.unsigned (Int64.repr (r0 / 2 ^ 64 - hi)) Hr0hi_neg : - 2 ^ 63 <= r0 / 2 ^ 64 < 0 Habr0hi_nonneg : 0 <= hi < 2 ^ 63
- 2 ^ 63 <= r1 / 2 ^ 64
apply Z.div_le_lower_bound; rep_lia.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (r0 / 2 ^ 64 ))) r))
((_t'5 = (_r->_hi);
(_r->_hi) = (_t'5 - _hi);)
MORE_COMMANDS)
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh r1 r) *
stackframe_of f_secp256k1_i128_dissip_mul)%logic)
do 4 forward.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr r0));
temp _t'5 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi (Vlong (Int64.repr hi));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.sub (Int64.repr r0)
(Int64.repr (a * b))),
Vlong
(Int64.sub
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q)) (Int64.repr hi))) r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh r1 r)
unfold secp256k1_uint128_at, r1, hi.Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr r0));
temp _t'5 (Vlong (Int64.repr (r0 / 2 ^ 64 )));
temp _hi
(Vlong
(Int64.repr
(- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))));
temp _t'12 (Vlong (Int64.repr r0));
temp _t'1 (Vlong (Int64.repr (a * b / 2 ^ 64 )));
temp _lo (Vlong (Int64.repr (a * b))); temp _r r;
temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.sub (Int64.repr r0)
(Int64.repr (a * b))),
Vlong
(Int64.sub
(Int64.repr
(let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q))
(Int64.repr
(- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
(Z.shiftr (r0 - a * b) 64 )))
r)
entailer!. Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) - - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr (Z.shiftr (r0 - a * b) 64 ))) r
fold (2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) := Z.div_eucl r0 (2 ^ 64 ) in q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr (Z.shiftr (r0 - a * b) 64 ))) r
fold (r0 / 2 ^64 ).Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
(r0 / 2 ^ 64 -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 )))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr (Z.shiftr (r0 - a * b) 64 ))) r
rewrite Z.sub_opp_r, <- Z.div_add_l by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((r0 / 2 ^ 64 * 2 ^ 64 +
(r0 mod 2 ^ 64 - a * b)) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr (Z.shiftr (r0 - a * b) 64 ))) r
replace (r0 / 2 ^ 64 * 2 ^ 64 + (r0 mod 2 ^ 64 - a * b))
with ((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 ) - a * b)
by ring .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((2 ^ 64 * (r0 / 2 ^ 64 ) + r0 mod 2 ^ 64 -
a * b) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr (Z.shiftr (r0 - a * b) 64 ))) r
rewrite <- Z.div_mod by lia .Espec : OracleKind r : val sh : share r0, a, b : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 r1 := r0 - a * b : Z H2 : - 2 ^ 127 <= r1 <= 2 ^ 127 - 1 hi := - ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ) : Z Hab_tight : - 2 ^ 126 + 2 ^ 63 <= a * b <= 2 ^ 126 Hhi_bound : Int64.min_signed <= hi <= Int64.max_signed Hr0hi : Int64.min_signed <= r0 / 2 ^ 64 <=
Int64.max_signed PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong
(Int64.repr
((let (q , _) :=
Z.div_eucl r0 (Z.pow_pos 2 64 ) in
q) -
- ((r0 mod 2 ^ 64 - a * b) / 2 ^ 64 ))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr ((r0 - a * b) / 2 ^ 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (r0 - a * b)),
Vlong (Int64.repr (Z.shiftr (r0 - a * b) 64 ))) r
rewrite Z.shiftr_div_pow2;[entailer!|lia ].
Qed .
Lemma body_secp256k1_i128_det : semax_body Vprog Gprog f_secp256k1_i128_det secp256k1_i128_det_spec.semax_body Vprog Gprog f_secp256k1_i128_det
secp256k1_i128_det_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_det
secp256k1_i128_det_spec
start_function. Espec : OracleKind r : val sh : share a, b, c, d : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int64.min_signed <= c <= Int64.max_signed H2 : Int64.min_signed <= d <= Int64.max_signed H3 : Int128_min_signed <= a * d - b * c <=
Int128_max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _c (Vlong (Int64.repr c));
temp _d (Vlong (Int64.repr d)))
SEP (data_at_ sh t_secp256k1_uint128 r))
(_secp256k1_i128_mul
([(_r)%expr; (_a)%expr; (_d)%expr]);
MORE_COMMANDS) POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share a, b, c, d : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int64.min_signed <= c <= Int64.max_signed H2 : Int64.min_signed <= d <= Int64.max_signed H3 : Int128_min_signed <= a * d - b * c <=
Int128_max_signed POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _c (Vlong (Int64.repr c));
temp _d (Vlong (Int64.repr d)))
SEP (secp256k1_uint128_at sh (a * d) r))
(_secp256k1_i128_dissip_mul
([(_r)%expr; (_b)%expr; (_c)%expr]);)
POSTCONDITION
forward_call. Espec : OracleKind r : val sh : share a, b, c, d : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int64.min_signed <= c <= Int64.max_signed H2 : Int64.min_signed <= d <= Int64.max_signed H3 : Int128_min_signed <= a * d - b * c <=
Int128_max_signed
Int128_min_signed <= a * d <= Int128_max_signed
unfold Int128_min_signed, Int128_max_signed.Espec : OracleKind r : val sh : share a, b, c, d : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int64.min_signed <= c <= Int64.max_signed H2 : Int64.min_signed <= d <= Int64.max_signed H3 : Int128_min_signed <= a * d - b * c <=
Int128_max_signed
- 2 ^ 127 <= a * d <= 2 ^ 127 - 1
assert (Htight := mul128_tight _ _ H H2).Espec : OracleKind r : val sh : share a, b, c, d : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int64.min_signed <= c <= Int64.max_signed H2 : Int64.min_signed <= d <= Int64.max_signed H3 : Int128_min_signed <= a * d - b * c <=
Int128_max_signed Htight : - 2 ^ 126 + 2 ^ 63 <= a * d <= 2 ^ 126
- 2 ^ 127 <= a * d <= 2 ^ 127 - 1
lia .Espec : OracleKind r : val sh : share a, b, c, d : Z Delta_specs := abbreviate : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed H0 : Int64.min_signed <= b <= Int64.max_signed H1 : Int64.min_signed <= c <= Int64.max_signed H2 : Int64.min_signed <= d <= Int64.max_signed H3 : Int128_min_signed <= a * d - b * c <=
Int128_max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a));
temp _b (Vlong (Int64.repr b));
temp _c (Vlong (Int64.repr c));
temp _d (Vlong (Int64.repr d)))
SEP (secp256k1_uint128_at sh (a * d - b * c) r)
|-- (PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(a * d - b * c) r) *
stackframe_of f_secp256k1_i128_det)%logic
entailer!.
Qed .
Lemma body_secp256k1_i128_rshift : semax_body Vprog Gprog f_secp256k1_i128_rshift secp256k1_i128_rshift_spec.semax_body Vprog Gprog f_secp256k1_i128_rshift
secp256k1_i128_rshift_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_rshift
secp256k1_i128_rshift_spec
start_function. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(for (;
;
break;) {
if (!(_n < (128 ))) {
for (;
;
break;) {
((_t'6 = _stderr;
_fprintf
([(_t'6)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((108 ))%expr;
(___stringlit_1)%expr]);)
_abort([]);)
}
}
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert H1 : typed_true tint
(eval_unop Onotbool tint
(Val.of_bool
(Int.ltu (Int.repr n) (Int.repr 128 ))))
False
revert H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(Val.of_bool
(Int.ltu (Int.repr n) (Int.repr 128 )))) ->
False
case_eq (Int.ltu (Int.repr n) (Int.repr 128 ));[discriminate |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert
Int.ltu (Int.repr n) (Int.repr 128 ) = false ->
typed_true tint
(eval_unop Onotbool tint (Val.of_bool false)) ->
False
intros Hltu _.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert Hltu : Int.ltu (Int.repr n) (Int.repr 128 ) = false
False
apply ltu_false_inv in Hltu.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert Hltu : Int.unsigned (Int.repr n) >=
Int.unsigned (Int.repr 128 )
False
change (Int.unsigned (Int.repr 128 )) with 128 in Hltu.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 POSTCONDITION := abbreviate : ret_assert Hltu : Int.unsigned (Int.repr n) >= 128
False
rewrite Int.unsigned_repr in Hltu; rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(if (_n >= (64 )) {
((_t'5 = (_r->_hi);
(_r->_lo) =
(tulong) ((tlong) _t'5 >> (_n - (64 )));)
_t'4 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'4 >> (63 ));)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'1 >> _n);)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh
(Z.shiftr r0 n) r) *
stackframe_of f_secp256k1_i128_rshift)%logic)
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'5 = (_r->_hi);
(_r->_lo) =
(tulong) ((tlong) _t'5 >> (_n - (64 )));)
_t'4 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'4 >> (63 ));)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'1 >> _n);)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_i128_rshift)%logic)
assert (Hr064 : Int64.min_signed <= Z.shiftr r0 64 <= Int64.max_signed).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128
Int64.min_signed <= Z.shiftr r0 64 <= Int64.max_signed
rewrite Zbits.Zshiftr_div_two_p, two_p_correct by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128
Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed
unfold Int128_min_signed in H.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= Int128_max_signed H0 : 0 <= n < 128
Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed
unfold Int128_max_signed in H.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128
Int64.min_signed <= r0 / 2 ^ 64 <= Int64.max_signed
split .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128
Int64.min_signed <= r0 / 2 ^ 64
apply Z.div_le_lower_bound; rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128
r0 / 2 ^ 64 <= Int64.max_signed
cut (r0 / 2 ^ 64 < Int64.max_signed + 1 );[lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128
r0 / 2 ^ 64 < Int64.max_signed + 1
apply Z.div_lt_upper_bound; rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'5 = (_r->_hi);
(_r->_lo) =
(tulong) ((tlong) _t'5 >> (_n - (64 )));)
_t'4 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'4 >> (63 ));)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'1 >> _n);)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_i128_rshift)%logic)
assert (Hr0127 : {Z.shiftr r0 127 = 0 } + {Z.shiftr r0 127 = -1 }).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed
{Z.shiftr r0 127 = 0 } + {Z.shiftr r0 127 = -1 }
rewrite Zbits.Zshiftr_div_two_p, two_p_correct by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed
{r0 / 2 ^ 127 = 0 } + {r0 / 2 ^ 127 = -1 }
destruct (Z.eq_dec (r0 / 2 ^ 127 ) 0 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed e : r0 / 2 ^ 127 = 0
{r0 / 2 ^ 127 = 0 } + {r0 / 2 ^ 127 = -1 }
left ; assumption .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0
{r0 / 2 ^ 127 = 0 } + {r0 / 2 ^ 127 = -1 }
right .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0
r0 / 2 ^ 127 = -1
unfold Int128_min_signed in H.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0
r0 / 2 ^ 127 = -1
unfold Int128_max_signed in H.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0
r0 / 2 ^ 127 = -1
destruct (Z.neg_nonneg_cases r0).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0 H1 : r0 < 0
r0 / 2 ^ 127 = -1
apply Z.le_antisymm.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0 H1 : r0 < 0
r0 / 2 ^ 127 <= -1
cut (r0 / 2 ^ 127 < 0 );[|apply Z.div_lt_upper_bound];lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0 H1 : r0 < 0
-1 <= r0 / 2 ^ 127
apply Z.div_le_lower_bound;lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0 H1 : 0 <= r0
r0 / 2 ^ 127 = -1
elim n0.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0 H1 : 0 <= r0
r0 / 2 ^ 127 = 0
apply Z.div_small.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : - 2 ^ 127 <= r0 <= 2 ^ 127 - 1 H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed n0 : r0 / 2 ^ 127 <> 0 H1 : 0 <= r0
0 <= r0 < 2 ^ 127
lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 }
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
((_t'5 = (_r->_hi);
(_r->_lo) =
(tulong) ((tlong) _t'5 >> (_n - (64 )));)
_t'4 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'4 >> (63 ));)
} else {
if (_n > (0 )) {
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
_t'1 = (_r->_hi);
(_r->_hi) = (tulong) ((tlong) _t'1 >> _n);)
}
})
(normal_ret_assert
(PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_i128_rshift)%logic)
repeat forward_if.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'5 = (_r->_hi);
(_r->_lo) =
(tulong) ((tlong) _t'5 >> (_n - (64 )));)
MORE_COMMANDS) POSTCONDITION
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'5 = (_r->_hi);
(_r->_lo) =
(tulong) ((tlong) _t'5 >> (_n - (64 )));)
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 GV := None : option globals
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'5 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- denote_tc_assert
(tc_andp (typecheck_LR Delta (*_r)%expr LLLL)
(tc_andp
(typecheck_expr Delta
((tulong) (tulong) ((tlong) _t'5
>> (_n - (64))))%expr)
(typecheck_efield Delta [eStructField _lo])))
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 GV := None : option globals PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
n - 64 < Int.unsigned Int64.iwordsize'
change (Int.unsigned Int64.iwordsize') with 64 ; lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'5
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n)
(Int.repr 64 ))))),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'4 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'5 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (n - 64 ))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr 63 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr (Z.shiftr r0 n) 64 )))
r
rewrite !Int64.shr_div_two_p, <- !Zbits.Zshiftr_div_two_p,
!Int64.unsigned_repr, Int64.signed_repr, !Z.shiftr_shiftr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 (64 + (n - 64 )))),
Vlong (Int64.repr (Z.shiftr r0 (64 + 63 )))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
replace (64 + (n - 64 )) with n by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (64 + 63 )))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
change (64 + 63 ) with 127 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 127 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
replace (n + 64 ) with (127 + (n - 63 )) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 127 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr (Z.shiftr r0 (127 + (n - 63 ))))) r
rewrite <- Z.shiftr_shiftr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 127 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 127 ) (n - 63 )))) r
destruct Hr0127 as [->| ->].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr 0 )) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr 0 (n - 63 )))) r
rewrite Z.shiftr_0_l; entailer!.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed H1 : n >= 64 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (-1 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr (-1 ) (n - 63 )))) r
rewrite Z_shiftr_neg1_l by lia ; entailer!.
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'2 = (_r->_hi);
_t'3 = (_r->_lo);
(_r->_lo) =
(_t'2 & ((tulong) (1 ) << _n - (1 )))
<< ((64 ) - _n)
| _t'3 >> _n;)
MORE_COMMANDS) POSTCONDITION
do 3 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nGV := None : option globals
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- denote_tc_assert
(tc_andp (typecheck_LR Delta (*_r)%expr LLLL)
(tc_andp
(typecheck_expr Delta
((tulong) ((_t'2
& ((tulong) (1) << _n
- (1)))
<< ((64) - _n)
| _t'3 >> _n))%expr)
(typecheck_efield Delta [eStructField _lo])))
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nGV := None : option globals PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
n < Int.unsigned Int64.iwordsize' /\
64 - n < Int.unsigned Int64.iwordsize'
change (Int.unsigned Int64.iwordsize') with 64 ; lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 < nMORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed
(Int.repr 1 )))
(Int64.repr
(Int.unsigned
(Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr 64 )
(Int.repr n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (_r->_hi);
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < n
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _t'3 (Vlong (Int64.repr r0));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr 64 )
(Int.repr n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r)
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and (Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl (Int64.repr 1 )
(Int64.repr n)) (Int64.repr 1 )))
(Int64.repr (64 - n)))
(Int64.shru (Int64.repr r0) (Int64.repr n))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr n))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr (Z.shiftr r0 n) 64 )))
r
rewrite (Int64.shl_mul_two_p (Int64.repr 1 )), mul64_repr, Z.mul_1_l, sub64_repr.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(two_p
(Int64.unsigned (Int64.repr n)) -
1 ))) (Int64.repr (64 - n)))
(Int64.shru (Int64.repr r0) (Int64.repr n))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr n))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr (Z.shiftr r0 n) 64 )))
r
rewrite Int64.shr_div_two_p, <- Zbits.Zshiftr_div_two_p by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(two_p
(Int64.unsigned (Int64.repr n)) -
1 ))) (Int64.repr (64 - n)))
(Int64.shru (Int64.repr r0) (Int64.repr n))),
Vlong
(Int64.repr
(Z.shiftr
(Int64.signed (Int64.repr (Z.shiftr r0 64 )))
(Int64.unsigned (Int64.repr n))))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr (Z.shiftr r0 n) 64 )))
r
rewrite Int64.shru_div_two_p.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr
(two_p
(Int64.unsigned (Int64.repr n)) -
1 ))) (Int64.repr (64 - n)))
(Int64.repr
(Int64.unsigned (Int64.repr r0) /
two_p (Int64.unsigned (Int64.repr n))))),
Vlong
(Int64.repr
(Z.shiftr
(Int64.signed (Int64.repr (Z.shiftr r0 64 )))
(Int64.unsigned (Int64.repr n))))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr (Z.shiftr r0 n) 64 )))
r
rewrite !Int64.unsigned_repr, Int64.signed_repr, !Z.shiftr_shiftr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (two_p n - 1 )))
(Int64.repr (64 - n)))
(Int64.repr
(Int64.unsigned (Int64.repr r0) / two_p n))),
Vlong (Int64.repr (Z.shiftr r0 (64 + n)))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
rewrite Int64.unsigned_repr_eq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (two_p n - 1 )))
(Int64.repr (64 - n)))
(Int64.repr (r0 mod Int64.modulus / two_p n))),
Vlong (Int64.repr (Z.shiftr r0 (64 + n)))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
rewrite and64_repr, Int64.shl_mul_two_p, mul64_repr, or64_repr.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ) *
two_p
(Int64.unsigned (Int64.repr (64 - n))))
(r0 mod Int64.modulus / two_p n))),
Vlong (Int64.repr (Z.shiftr r0 (64 + n)))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
rewrite <- Zbits.Zshiftr_div_two_p, <- Zbits.Zshiftl_mul_two_p by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(Int64.unsigned (Int64.repr (64 - n))))
(Z.shiftr (r0 mod Int64.modulus) n))),
Vlong (Int64.repr (Z.shiftr r0 (64 + n)))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
rewrite Int64.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n))
(Z.shiftr (r0 mod Int64.modulus) n))),
Vlong (Int64.repr (Z.shiftr r0 (64 + n)))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
replace (64 + n) with (n + 64 ) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr
(Z.lor
(Z.shiftl
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n))
(Z.shiftr (r0 mod Int64.modulus) n))),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr (Z.shiftr r0 n)),
Vlong (Int64.repr (Z.shiftr r0 (n + 64 )))) r
replace (Int64.repr _) with (Int64.repr (Z.shiftr r0 n));[entailer!|].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
Int64.repr (Z.shiftr r0 n) =
Int64.repr
(Z.lor
(Z.shiftl (Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n)) (Z.shiftr (r0 mod Int64.modulus) n))
apply Int64.same_bits_eq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n)))))
forall i : Z,
0 <= i < Int64.zwordsize ->
Int64.testbit (Int64.repr (Z.shiftr r0 n)) i =
Int64.testbit
(Int64.repr
(Z.lor
(Z.shiftl
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n))
(Z.shiftr (r0 mod Int64.modulus) n))) i
intros i Hi.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < Int64.zwordsize
Int64.testbit (Int64.repr (Z.shiftr r0 n)) i =
Int64.testbit
(Int64.repr
(Z.lor
(Z.shiftl
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n))
(Z.shiftr (r0 mod Int64.modulus) n))) i
change (0 <= i < 64 ) in Hi.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64
Int64.testbit (Int64.repr (Z.shiftr r0 n)) i =
Int64.testbit
(Int64.repr
(Z.lor
(Z.shiftl
(Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n))
(Z.shiftr (r0 mod Int64.modulus) n))) i
rewrite !Int64.testbit_repr by assumption .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64
Z.testbit (Z.shiftr r0 n) i =
Z.testbit
(Z.lor
(Z.shiftl (Z.land (Z.shiftr r0 64 ) (two_p n - 1 ))
(64 - n)) (Z.shiftr (r0 mod Int64.modulus) n))
i
rewrite Z.lor_spec, Z.shiftl_spec, Z.land_spec, !(Z.shiftr_spec _ n) by tauto .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 ) (i - (64 - n)) &&
Z.testbit (two_p n - 1 ) (i - (64 - n))
|| Z.testbit (r0 mod Int64.modulus) (i + n))%bool
replace (i - (64 - n)) with (i + n - 64 ) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 ) (i + n - 64 ) &&
Z.testbit (two_p n - 1 ) (i + n - 64 )
|| Z.testbit (r0 mod Int64.modulus) (i + n))%bool
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 ) (i + n - 64 ) &&
Z.testbit (two_p n - 1 ) (i + n - 64 )
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
case (Z.neg_nonneg_cases (i + n - 64 )) as [Hin|Hin].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : i + n - 64 < 0
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 ) (i + n - 64 ) &&
Z.testbit (two_p n - 1 ) (i + n - 64 )
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
rewrite (Z.testbit_neg_r _ _ Hin), Z.mod_pow2_bits_low by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : i + n - 64 < 0
Z.testbit r0 (i + n) =
(false && Z.testbit (two_p n - 1 ) (i + n - 64 )
|| Z.testbit r0 (i + n))%bool
reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : 0 <= i + n - 64
Z.testbit r0 (i + n) =
(Z.testbit (Z.shiftr r0 64 ) (i + n - 64 ) &&
Z.testbit (two_p n - 1 ) (i + n - 64 )
|| Z.testbit (r0 mod 2 ^ 64 ) (i + n))%bool
rewrite Z.shiftr_spec, Zbits.Ztestbit_two_p_m1, Z.mod_pow2_bits_high by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : 0 <= i + n - 64
Z.testbit r0 (i + n) =
(Z.testbit r0 (i + n - 64 + 64 ) &&
(if zlt (i + n - 64 ) n then true else false) || false)%bool
destruct (zlt _ _) as [_|Hin64];[|lia ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : 0 <= i + n - 64
Z.testbit r0 (i + n) =
(Z.testbit r0 (i + n - 64 + 64 ) && true || false)%bool
rewrite andb_true_r, orb_false_r.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : 0 <= i + n - 64
Z.testbit r0 (i + n) = Z.testbit r0 (i + n - 64 + 64 )
replace (i + n - 64 + 64 ) with (i + n) by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 < nPNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong
(Int64.or
(Int64.shl
(Int64.and
(Int64.repr (Z.shiftr r0 64 ))
(Int64.sub
(Int64.shl
(Int64.repr
(Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned (Int.repr n))))
(Int64.repr
(Int.signed (Int.repr 1 )))))
(Int64.repr
(Int.unsigned (Int.repr (64 - n)))))
(Int64.shru (Int64.repr r0)
(Int64.repr
(Int.unsigned (Int.repr n))))),
Vlong
(Int64.shr (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Int.unsigned (Int.repr n))))) i : Z Hi : 0 <= i < 64 Hin : 0 <= i + n - 64
Z.testbit r0 (i + n) = Z.testbit r0 (i + n)
reflexivity .
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 POSTCONDITION := abbreviate : ret_assert H2 : 0 >= n
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(/*skip*/;) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 >= n
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- (PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 n)),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 n)
64 ))) r) *
stackframe_of f_secp256k1_i128_rshift)%logic
replace n with 0 ;[|lia ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int128_min_signed <= r0 <= Int128_max_signed H0 : 0 <= n < 128 Hr064 : Int64.min_signed <= Z.shiftr r0 64 <=
Int64.max_signed Hr0127 : {Z.shiftr r0 127 = 0 } +
{Z.shiftr r0 127 = -1 } H1 : n < 64 H2 : 0 >= n
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr 0 )))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- (PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong
(Int64.repr (Z.shiftr r0 0 )),
Vlong
(Int64.repr
(Z.shiftr (Z.shiftr r0 0 )
64 ))) r) *
stackframe_of f_secp256k1_i128_rshift)%logic
entailer!.
Qed .
Lemma body_secp256k1_i128_to_i64 : semax_body Vprog Gprog f_secp256k1_i128_to_i64 secp256k1_i128_to_i64_spec.semax_body Vprog Gprog f_secp256k1_i128_to_i64
secp256k1_i128_to_i64_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_to_i64
secp256k1_i128_to_i64_spec
start_function. Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : Int64.min_signed <= r0 <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a r)
SEP (secp256k1_uint128_at sh r0 r))
(_t'1 = (_a->_lo);
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : Int64.min_signed <= r0 <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a r)
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (_a->_lo);
MORE_COMMANDS) POSTCONDITION
forward. Espec : OracleKind r : val sh : share r0 : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : Int64.min_signed <= r0 <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'1 (Vlong (Int64.repr r0));
temp _a r)
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(return (tlong) _t'1;) POSTCONDITION
forward.
Qed .
Lemma body_secp256k1_i128_from_i64 : semax_body Vprog Gprog f_secp256k1_i128_from_i64 secp256k1_i128_from_i64_spec.semax_body Vprog Gprog f_secp256k1_i128_from_i64
secp256k1_i128_from_i64_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_from_i64
secp256k1_i128_from_i64_spec
start_function. Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at_ sh t_secp256k1_uint128 r))
((_r->_hi) = (tulong) (_a >> (63 ));
MORE_COMMANDS) POSTCONDITION
do 2 forward.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
r)
|-- PROP ( )
RETURN ( ) SEP (secp256k1_uint128_at sh a r)
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed
ENTAIL Delta,
PROP ( )
LOCAL (temp _r r; temp _a (Vlong (Int64.repr a)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
r)
|-- PROP ( )
RETURN ( ) SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.repr (Z.shiftr a 64 )))
r)
entailer!. Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong (Int64.shr (Int64.repr a) (Int64.repr 63 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong (Int64.repr (Z.shiftr a 64 ))) r
replace (Int64.shr (Int64.repr a) (Int64.repr 63 )) with (Int64.repr (Z.shiftr a 64 )).Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong (Int64.repr (Z.shiftr a 64 ))) r
|-- data_at sh t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong (Int64.repr (Z.shiftr a 64 ))) r
entailer!. Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
Int64.repr (Z.shiftr a 64 ) =
Int64.shr (Int64.repr a) (Int64.repr 63 )
change 64 with (63 + 1 ).Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
Int64.repr (Z.shiftr a (63 + 1 )) =
Int64.shr (Int64.repr a) (Int64.repr 63 )
rewrite <- Z.shiftr_shiftr, !Z.shiftr_div_pow2, Int64.shr_div_two_p, two_p_correct, Int64.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
Int64.repr (a / 2 ^ 63 / 2 ^ 1 ) =
Int64.repr (Int64.signed (Int64.repr a) / 2 ^ 63 )
f_equal .Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
a / 2 ^ 63 / 2 ^ 1 =
Int64.signed (Int64.repr a) / 2 ^ 63
rewrite Int64.signed_repr by rep_lia.Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 )))))
a / 2 ^ 63 / 2 ^ 1 = a / 2 ^ 63
destruct (Z.neg_nonneg_cases a).Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 ))))) H2 : a < 0
a / 2 ^ 63 / 2 ^ 1 = a / 2 ^ 63
+ Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 ))))) H2 : a < 0
a / 2 ^ 63 / 2 ^ 1 = a / 2 ^ 63
replace (a/2 ^63 ) with (-1 );[reflexivity |].Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 ))))) H2 : a < 0
-1 = a / 2 ^ 63
cut (0 = a / 2 ^63 + 1 );[lia |].Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 ))))) H2 : a < 0
0 = a / 2 ^ 63 + 1
rewrite <- Z_div_plus, Z.mul_1_l by lia .Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 ))))) H2 : a < 0
0 = (a + 2 ^ 63 ) / 2 ^ 63
rewrite Zdiv_small;[reflexivity |rep_lia].
+ Espec : OracleKind r : val sh : share a : Z Delta_specs : Maps.PTree.t funspec SH : writable_share sh H : Int64.min_signed <= a <= Int64.max_signed PNr : is_pointer_or_null r H0 : field_compatible t_secp256k1_uint128 [] r H1 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr a),
Vlong
(Int64.shr (Int64.repr a)
(Int64.repr (Int.unsigned (Int.repr 63 ))))) H2 : 0 <= a
a / 2 ^ 63 / 2 ^ 1 = a / 2 ^ 63
rewrite (Zdiv_small a);[reflexivity |rep_lia].
Qed .
Lemma body_secp256k1_i128_eq_var : semax_body Vprog Gprog f_secp256k1_i128_eq_var secp256k1_i128_eq_var_spec.semax_body Vprog Gprog f_secp256k1_i128_eq_var
secp256k1_i128_eq_var_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_eq_var
secp256k1_i128_eq_var_spec
start_function. Espec : OracleKind ptrs : list secp256k1_uint128.args r, s : secp256k1_uint128.args Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : In r ptrs H0 : In s ptrs SH : readable_share (secp256k1_uint128.share r) SH0 : readable_share (secp256k1_uint128.share s) POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a (secp256k1_uint128.ptr r);
temp _b (secp256k1_uint128.ptr s))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'2 = (_a->_hi);
_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
destruct r as [shr r0 r].Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val s : secp256k1_uint128.args Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs H0 : In s ptrs SH : readable_share
(secp256k1_uint128.share
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|}) SH0 : readable_share (secp256k1_uint128.share s) POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|});
temp _b (secp256k1_uint128.ptr s))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'2 = (_a->_hi);
_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
destruct s as [shs s0 s].Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs H0 : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share
(secp256k1_uint128.share
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|}) SH0 : readable_share
(secp256k1_uint128.share
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|}) POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|});
temp _b
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|}))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'2 = (_a->_hi);
_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
simpl in SH, SH0.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext H : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs H0 : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|});
temp _b
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|}))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'2 = (_a->_hi);
_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
rename H into Hr.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs H0 : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|});
temp _b
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|}))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'2 = (_a->_hi);
_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
rename H0 into Hs.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _a
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|});
temp _b
(secp256k1_uint128.ptr
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|}))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'2 = (_a->_hi);
_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
rewrite (iter_sepcon_wand_in _ _ _ _ Hr);
unfold secp256k1_uint128.at_args at 1 2 ; simpl ;
unfold secp256k1_uint128_at;
Intros;
forward;
sep_apply modus_ponens_wand.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'2
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
((_t'3 = (_b->_hi);
if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
})
MORE_COMMANDS) POSTCONDITION
rewrite (iter_sepcon_wand_in _ _ _ _ Hs);
unfold secp256k1_uint128.at_args at 1 2 ; simpl ;
unfold secp256k1_uint128_at;
Intros;
forward;
sep_apply modus_ponens_wand.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'3
(Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
}
MORE_COMMANDS) POSTCONDITION
assert (Hrs: r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 =
(((Z.shiftr r0 64 ) mod 2 ^ 64 =? (Z.shiftr s0 64 ) mod 2 ^ 64 ) &&
(r0 mod 2 ^64 =? s0 mod 2 ^64 ))%bool).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
(r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
change (2 ^128 ) with (2 ^64 * 2 ^64 ).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
(r0 mod (2 ^ 64 * 2 ^ 64 ) =? s0 mod (2 ^ 64 * 2 ^ 64 )) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
rewrite !Zmod_recombine, !Zbits.Zshiftr_div_two_p, two_p_correct by lia .Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? (s0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
elim (Z.eqb_spec _ (s0 mod 2 ^ 64 )).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
r0 mod 2 ^ 64 = s0 mod 2 ^ 64 ->
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? (s0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
true)%bool
intros ->.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? (s0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
true)%bool
elim (Z.eqb_spec _ ((s0 / 2 ^ 64 ) mod 2 ^ 64 )).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
(r0 / 2 ^ 64 ) mod 2 ^ 64 = (s0 / 2 ^ 64 ) mod 2 ^ 64 ->
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(true && true)%bool
intros ->.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
((s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(true && true)%bool
apply Z.eqb_refl.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
(r0 / 2 ^ 64 ) mod 2 ^ 64 <> (s0 / 2 ^ 64 ) mod 2 ^ 64 ->
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(false && true)%bool
intros Hneq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 <>
(s0 / 2 ^ 64 ) mod 2 ^ 64
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(false && true)%bool
apply <- Z.eqb_neq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 <>
(s0 / 2 ^ 64 ) mod 2 ^ 64
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 <>
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64
lia .Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
r0 mod 2 ^ 64 <> s0 mod 2 ^ 64 ->
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? (s0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
false)%bool
intros Hneq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hneq : r0 mod 2 ^ 64 <> s0 mod 2 ^ 64
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? (s0 / 2 ^ 64 ) mod 2 ^ 64 ) &&
false)%bool
rewrite andb_false_r.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hneq : r0 mod 2 ^ 64 <> s0 mod 2 ^ 64
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64 ) =
false
apply <- Z.eqb_neq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hneq : r0 mod 2 ^ 64 <> s0 mod 2 ^ 64
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 <>
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + s0 mod 2 ^ 64
intros Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hneq : r0 mod 2 ^ 64 <> s0 mod 2 ^ 64 Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 =
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
s0 mod 2 ^ 64
False
apply Hneq; clear Hneq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 =
(s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
s0 mod 2 ^ 64
r0 mod 2 ^ 64 = s0 mod 2 ^ 64
apply (f_equal (fun x => x mod 2 ^64 )) in Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Heq : ((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 ) mod 2 ^ 64 =
((s0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
s0 mod 2 ^ 64 ) mod 2 ^ 64
r0 mod 2 ^ 64 = s0 mod 2 ^ 64
repeat rewrite Z.add_comm, Z_mod_plus_full, Zmod_mod in Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
r0 mod 2 ^ 64 = s0 mod 2 ^ 64
assumption .Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
semax Delta
(PROP ( )
LOCAL (temp _t'3
(Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(if (_t'2 == _t'3) {
(_t'4 = (_a->_lo);
_t'5 = (_b->_lo);
_t'1 = (tbool) (_t'4 == _t'5);)
} else {
_t'1 = (0 );
}
MORE_COMMANDS) POSTCONDITION
forward_if
(PROP ( )
LOCAL (temp _t'1 (Vint (Int.repr (if r0 mod 2 ^128 =? s0 mod 2 ^128 then 1 else 0 ))))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs)). Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'3
(Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(_t'4 = (_a->_lo);
MORE_COMMANDS) POSTCONDITION
+ Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'3
(Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(_t'4 = (_a->_lo);
MORE_COMMANDS) POSTCONDITION
rewrite (iter_sepcon_wand_in _ _ _ _ Hr);
unfold secp256k1_uint128.at_args at 1 2 ; simpl ;
unfold secp256k1_uint128_at;
Intros;
forward;
sep_apply modus_ponens_wand.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(_t'5 = (_b->_lo);
MORE_COMMANDS) POSTCONDITION
rewrite (iter_sepcon_wand_in _ _ _ _ Hs);
unfold secp256k1_uint128.at_args at 1 2 ; simpl ;
unfold secp256k1_uint128_at;
Intros;
forward;
sep_apply modus_ponens_wand.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'5 (Vlong (Int64.repr s0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(_t'1 = (tbool) (_t'4 == _t'5);) POSTCONDITION
forward. Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0)))));
temp _t'5 (Vlong (Int64.repr s0));
temp _t'4 (Vlong (Int64.repr r0));
temp _t'3 (Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs)
|-- PROP ( )
LOCAL (temp _t'1
(Vint
(Int.repr
(if
r0 mod 2 ^ 128 =? s0 mod 2 ^ 128
then 1
else 0 ))))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs)
entailer!. Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if r0 mod 2 ^ 128 =? s0 mod 2 ^ 128
then 1
else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
rewrite Hrs.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.repr (Z.shiftr s0 64 )) = true H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
apply Int64.same_if_eq in H.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) =
Int64.repr (Z.shiftr s0 64 ) H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
apply (f_equal Int64.unsigned) in H.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.unsigned (Int64.repr (Z.shiftr r0 64 )) =
Int64.unsigned (Int64.repr (Z.shiftr s0 64 )) H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
rewrite !Int64.unsigned_repr_eq in H.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod Int64.modulus =
Z.shiftr s0 64 mod Int64.modulus H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
rewrite H, Z.eqb_refl, andb_true_l.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool (Int64.eq (Int64.repr r0) (Int64.repr s0))
case_eq (Int64.eq (Int64.repr r0) (Int64.repr s0)).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Int64.eq (Int64.repr r0) (Int64.repr s0) = true ->
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool true
intros Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : Int64.eq (Int64.repr r0) (Int64.repr s0) = true
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool true
apply Int64.same_if_eq in Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : Int64.repr r0 = Int64.repr s0
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool true
apply (f_equal Int64.unsigned) in Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : Int64.unsigned (Int64.repr r0) =
Int64.unsigned (Int64.repr s0)
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool true
rewrite !Int64.unsigned_repr_eq in Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod Int64.modulus = s0 mod Int64.modulus
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool true
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool true
rewrite Heq, Z.eqb_refl.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Vint (Int.repr 1 ) = Val.of_bool true
reflexivity .Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Int64.eq (Int64.repr r0) (Int64.repr s0) = false ->
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool false
intros Hneq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Hneq : Int64.eq (Int64.repr r0) (Int64.repr s0) =
false
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool false
apply int64_eq_false_e in Hneq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Hneq : Int64.repr r0 <> Int64.repr s0
Vint
(Int.repr
(if r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 then 1 else 0 )) =
Val.of_bool false
elim Z.eqb_spec;[|reflexivity ].Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Hneq : Int64.repr r0 <> Int64.repr s0
r0 mod 2 ^ 64 = s0 mod 2 ^ 64 ->
Vint (Int.repr 1 ) = Val.of_bool false
intros Heq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Hneq : Int64.repr r0 <> Int64.repr s0 Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Vint (Int.repr 1 ) = Val.of_bool false
elim Hneq; clear Hneq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Int64.repr r0 = Int64.repr s0
rewrite <- Int64.repr_unsigned, Int64.unsigned_repr_eq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Int64.repr r0 = Int64.repr (s0 mod Int64.modulus)
rewrite <- (Int64.repr_unsigned (Int64.repr r0)), Int64.unsigned_repr_eq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Int64.repr (r0 mod Int64.modulus) =
Int64.repr (s0 mod Int64.modulus)
change Int64.modulus with (2 ^64 ).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
Int64.repr (r0 mod 2 ^ 64 ) =
Int64.repr (s0 mod 2 ^ 64 )
f_equal .Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64 H0 : is_int I32 Signed
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(Vlong (Int64.repr s0))))) PNr : is_pointer_or_null r PNs : is_pointer_or_null s Heq : r0 mod 2 ^ 64 = s0 mod 2 ^ 64
r0 mod 2 ^ 64 = s0 mod 2 ^ 64
assumption .
+ Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'3
(Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(_t'1 = (0 );) POSTCONDITION
forward. Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 )
ENTAIL Delta,
PROP ( )
LOCAL (temp _t'1 (Vint (Int.repr 0 ));
temp _t'3 (Vlong (Int64.repr (Z.shiftr s0 64 )));
temp _t'2 (Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _a r; temp _b s)
SEP (iter_sepcon secp256k1_uint128.at_args ptrs)
|-- PROP ( )
LOCAL (temp _t'1
(Vint
(Int.repr
(if
r0 mod 2 ^ 128 =? s0 mod 2 ^ 128
then 1
else 0 ))))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs)
entailer!. Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if r0 mod 2 ^ 128 =? s0 mod 2 ^ 128
then 1
else 0 )) = Vint (Int.repr 0 )
rewrite Hrs.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
elim Z.eqb_spec;[|reflexivity ].Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s
Z.shiftr r0 64 mod 2 ^ 64 = Z.shiftr s0 64 mod 2 ^ 64 ->
Vint
(Int.repr
(if
(true && (r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
intros ; elim H.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s p : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64
Int64.repr (Z.shiftr r0 64 ) =
Int64.repr (Z.shiftr s0 64 )
rewrite <- Int64.repr_unsigned, Int64.unsigned_repr_eq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s p : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64
Int64.repr (Z.shiftr r0 64 ) =
Int64.repr (Z.shiftr s0 64 mod Int64.modulus)
rewrite <- (Int64.repr_unsigned (Int64.repr (Z.shiftr r0 64 ))), Int64.unsigned_repr_eq.Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s p : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64
Int64.repr (Z.shiftr r0 64 mod Int64.modulus) =
Int64.repr (Z.shiftr s0 64 mod Int64.modulus)
change Int64.modulus with (2 ^64 ).Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s p : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64
Int64.repr (Z.shiftr r0 64 mod 2 ^ 64 ) =
Int64.repr (Z.shiftr s0 64 mod 2 ^ 64 )
f_equal .Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool H : Int64.repr (Z.shiftr r0 64 ) <>
Int64.repr (Z.shiftr s0 64 ) PNr : is_pointer_or_null r PNs : is_pointer_or_null s p : Z.shiftr r0 64 mod 2 ^ 64 =
Z.shiftr s0 64 mod 2 ^ 64
Z.shiftr r0 64 mod 2 ^ 64 = Z.shiftr s0 64 mod 2 ^ 64
assumption .
+ Espec : OracleKind ptrs : list secp256k1_uint128.args shr : Share.t r0 : Z r : val shs : Share.t s0 : Z s : val Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext Hr : In
{|
secp256k1_uint128.share := shr;
secp256k1_uint128.z := r0;
secp256k1_uint128.ptr := r
|} ptrs Hs : In
{|
secp256k1_uint128.share := shs;
secp256k1_uint128.z := s0;
secp256k1_uint128.ptr := s
|} ptrs SH : readable_share shr SH0 : readable_share shs POSTCONDITION := abbreviate : ret_assert Hrs : (r0 mod 2 ^ 128 =? s0 mod 2 ^ 128 ) =
((Z.shiftr r0 64 mod 2 ^ 64 =?
Z.shiftr s0 64 mod 2 ^ 64 ) &&
(r0 mod 2 ^ 64 =? s0 mod 2 ^ 64 ))%bool
semax Delta
(PROP ( )
LOCAL (temp _t'1
(Vint
(Int.repr
(if r0 mod 2 ^ 128 =? s0 mod 2 ^ 128
then 1
else 0 ))))
SEP (iter_sepcon secp256k1_uint128.at_args ptrs))
(return _t'1;) POSTCONDITION
forward.
Qed .
Lemma body_secp256k1_i128_check_bit : semax_body Vprog Gprog f_secp256k1_i128_check_bit secp256k1_i128_check_bit_spec.semax_body Vprog Gprog f_secp256k1_i128_check_bit
secp256k1_i128_check_bit_spec
Proof .semax_body Vprog Gprog f_secp256k1_i128_check_bit
secp256k1_i128_check_bit_spec
start_function. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(for (;
;
break;) {
if (!(_n < (127 ))) {
for (;
;
break;) {
((_t'6 = _stderr;
_fprintf
([(_t'6)%expr; (___stringlit_3)%expr;
(___stringlit_2)%expr; ((132 ))%expr;
(___stringlit_8)%expr]);)
_abort([]);)
}
}
}
MORE_COMMANDS) POSTCONDITION
forward_verify_check. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert H0 : typed_true tint
(eval_unop Onotbool tint
(Val.of_bool
(Int.ltu (Int.repr n) (Int.repr 127 ))))
False
revert H0.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert
typed_true tint
(eval_unop Onotbool tint
(Val.of_bool
(Int.ltu (Int.repr n) (Int.repr 127 )))) ->
False
case_eq (Int.ltu (Int.repr n) (Int.repr 127 ));[discriminate |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert
Int.ltu (Int.repr n) (Int.repr 127 ) = false ->
typed_true tint
(eval_unop Onotbool tint (Val.of_bool false)) ->
False
intros Hltu _.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert Hltu : Int.ltu (Int.repr n) (Int.repr 127 ) = false
False
apply ltu_false_inv in Hltu.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert Hltu : Int.unsigned (Int.repr n) >=
Int.unsigned (Int.repr 127 )
False
apply Z.ge_le_iff in Hltu.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert Hltu : Int.unsigned (Int.repr 127 ) <=
Int.unsigned (Int.repr n)
False
apply (Zle_not_lt _ _ Hltu).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert Hltu : Int.unsigned (Int.repr 127 ) <=
Int.unsigned (Int.repr n)
Int.unsigned (Int.repr n) <
Int.unsigned (Int.repr 127 )
change (Int.unsigned (Int.repr 127 )) with 127 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert Hltu : Int.unsigned (Int.repr 127 ) <=
Int.unsigned (Int.repr n)
Int.unsigned (Int.repr n) < 127
rewrite Int.unsigned_repr; rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (secp256k1_uint128_at sh r0 r))
(if (_n >= (64 )) {
(_t'4 = (_r->_hi);
if (_t'4 == (tulong) (1 ) << (_n - (64 ))) {
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
})
} else {
(_t'2 = (_r->_hi);
if (_t'2 == (0 )) {
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 == (tulong) (1 ) << _n);)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
})
}
MORE_COMMANDS) POSTCONDITION
unfold secp256k1_uint128_at.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 POSTCONDITION := abbreviate : ret_assert MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_n >= (64 )) {
(_t'4 = (_r->_hi);
if (_t'4 == (tulong) (1 ) << (_n - (64 ))) {
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
})
} else {
(_t'2 = (_r->_hi);
if (_t'2 == (0 )) {
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 == (tulong) (1 ) << _n);)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
})
}
MORE_COMMANDS) POSTCONDITION
forward_if
(PROP ( )
LOCAL (temp _t'1 (Vint (Int.repr (if r0 mod 2 ^128 =? 2 ^n then 1 else 0 ))))
SEP (secp256k1_uint128_at sh r0 r));forward. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_t'4 == (tulong) (1 ) << (_n - (64 ))) {
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
}) POSTCONDITION
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_t'4 == (tulong) (1 ) << (_n - (64 ))) {
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
}) POSTCONDITION
assert (Hr0: r0 mod 2 ^ 128 =? 2 ^ n =
(((Z.shiftr r0 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) && (r0 mod 2 ^64 =? 0 ))%bool).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
(r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
change (2 ^128 ) with (2 ^64 * 2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
(r0 mod (2 ^ 64 * 2 ^ 64 ) =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
rewrite Zmod_recombine by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
replace n with (n - 64 + 64 ) at 1 by ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
2 ^ (n - 64 + 64 )) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
rewrite Z.pow_add_r, Z.shiftr_div_pow2 by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
2 ^ (n - 64 ) * 2 ^ 64 ) =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
elim Z.eqb_spec.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =
2 ^ (n - 64 ) * 2 ^ 64 ->
true =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 = 2 ^ (n - 64 ) * 2 ^ 64
true =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
replace (r0 mod 2 ^ 64 ) with 0 ;
[|rewrite Z.mul_comm in Heq;
symmetry in Heq;
apply Zdiv.Zmod_unique in Heq;[rewrite Heq, Z_mod_mult; reflexivity |apply Z.mod_pos_bound;lia ]].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 = 2 ^ (n - 64 ) * 2 ^ 64
true =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(0 =? 0 ))%bool
apply (f_equal (fun x => x / 2 ^64 )) in Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Heq : ((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 ) / 2 ^ 64 =
2 ^ (n - 64 ) * 2 ^ 64 / 2 ^ 64
true =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(0 =? 0 ))%bool
rewrite Z_div_mult, Z.div_add_l in Heq by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 +
r0 mod 2 ^ 64 / 2 ^ 64 =
2 ^ (n - 64 )
true =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(0 =? 0 ))%bool
rewrite <- Heq, Zmod_div, Z.add_0_r, !Z.eqb_refl by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 +
r0 mod 2 ^ 64 / 2 ^ 64 =
2 ^ (n - 64 )
true = (true && true)%bool
reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64 ->
false =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
elim (Z.eqb_spec _ 0 );[|rewrite andb_false_r;reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
r0 mod 2 ^ 64 = 0 ->
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64 ->
false =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) && true)%bool
intros ->.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 0 <>
2 ^ (n - 64 ) * 2 ^ 64 ->
false =
(((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) && true)%bool
rewrite Z.add_0_r, andb_true_r.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64 ->
false = ((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 ))
intros Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64
false = ((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 ))
symmetry .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64
((r0 / 2 ^ 64 ) mod 2 ^ 64 =? 2 ^ (n - 64 )) = false
apply Z.eqb_neq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64
(r0 / 2 ^ 64 ) mod 2 ^ 64 <> 2 ^ (n - 64 )
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 <>
2 ^ (n - 64 ) * 2 ^ 64 Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 2 ^ (n - 64 )
False
apply Hneq; clear Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 2 ^ (n - 64 )
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 =
2 ^ (n - 64 ) * 2 ^ 64
rewrite Heq; reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_t'4 == (tulong) (1 ) << (_n - (64 ))) {
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
}) POSTCONDITION
assert (Hn: 0 <= 2 ^ (n - 64 ) < 2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
0 <= 2 ^ (n - 64 ) < 2 ^ 64
split ;[apply Z.pow_nonneg|apply Z.pow_lt_mono_r];lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_t'4 == (tulong) (1 ) << (_n - (64 ))) {
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
}) POSTCONDITION
forward_if. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 v := Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.shl
(Int64.repr (Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 )))))) : val H1 : ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- local
(liftx (eq v : val -> Prop )
(eval_expr
(_t'4 == (tulong) (1 ) << (_n - (64 )))%expr)) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r
|-- !! (n - 64 < Int.unsigned Int64.iwordsize')
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 v := Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.shl
(Int64.repr (Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 )))))) : val H1 : ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- local
(liftx (eq v : val -> Prop )
(eval_expr
(_t'4 == (tulong) (1 ) << (_n - (64 )))%expr)) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r
|-- !! (n - 64 < Int.unsigned Int64.iwordsize')
entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 v := Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.shl
(Int64.repr (Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 )))))) : val H1 : ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- local
(liftx (eq v : val -> Prop )
(eval_expr
(_t'4 == (tulong) (1 ) << (_n - (64 )))%expr)) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
n - 64 < Int.unsigned Int64.iwordsize'
change (Int.unsigned Int64.iwordsize') with 64 .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 v := Val.of_bool
(Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.shl
(Int64.repr (Int.signed (Int.repr 1 )))
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 )))))) : val H1 : ENTAIL Delta,
PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r)
|-- local
(liftx (eq v : val -> Prop )
(eval_expr
(_t'4 == (tulong) (1 ) << (_n - (64 )))%expr)) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
n - 64 < 64
lia .
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.shl (Int64.repr 1 )
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 ))))) =
true MORE_COMMANDS := abbreviate : statement
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
((_t'5 = (_r->_lo);
_t'1 = (tbool) (_t'5 == (0 ));)
MORE_COMMANDS) POSTCONDITION
do 3 forward; entailer!.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.eq (Int64.repr (Z.shiftr r0 64 ))
(Int64.shl (Int64.repr 1 )
(Int64.repr
(Int.unsigned (Int.repr (n - 64 ))))) =
true H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
apply Int64.same_if_eq in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) =
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
rewrite Int64.shl_mul_two_p, mul64_repr, Z.mul_1_l, Int64.int_unsigned_repr in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) =
Int64.repr
(two_p (Int.unsigned (Int.repr (n - 64 )))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
rewrite Int.unsigned_repr in H1 by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) =
Int64.repr (two_p (n - 64 )) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
apply (f_equal Int64.unsigned) in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.unsigned (Int64.repr (Z.shiftr r0 64 )) =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
rewrite Int64.unsigned_repr_eq in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod Int64.modulus =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
change Int64.modulus with (2 ^64 ) in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
rewrite Hr0, H1, two_p_correct.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Int64.unsigned (Int64.repr (2 ^ (n - 64 ))) =?
2 ^ (n - 64 )) && (r0 mod 2 ^ 64 =? 0 ))%bool
then 1
else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
rewrite Int64.unsigned_repr, Z.eqb_refl, andb_true_l by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr (if r0 mod 2 ^ 64 =? 0 then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
elim (Z.eqb_spec _ 0 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
r0 mod 2 ^ 64 = 0 ->
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
intros <-.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.repr (r0 mod 2 ^ 64 )))))
rewrite <- Int64.unsigned_repr_eq, Int64.repr_unsigned, Int64.eq_true.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint (Int.repr 1 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
r0 mod 2 ^ 64 <> 0 ->
Vint (Int.repr 0 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
intros Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 0
Vint (Int.repr 0 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr 0 ))))
case_eq (Int64.eq (Int64.repr r0) (Int64.repr 0 ));[|reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 0
Int64.eq (Int64.repr r0) (Int64.repr 0 ) = true ->
Vint (Int.repr 0 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 0 Heq : Int64.eq (Int64.repr r0) (Int64.repr 0 ) = true
Vint (Int.repr 0 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
apply Int64.same_if_eq in Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 0 Heq : Int64.repr r0 = Int64.repr 0
Vint (Int.repr 0 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
elim Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 0 Heq : Int64.repr r0 = Int64.repr 0
r0 mod 2 ^ 64 = 0
rewrite <- Int64.unsigned_repr_eq, Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned (Int64.repr (two_p (n - 64 ))) H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tint
(Vlong (Int64.repr r0))
(Vint (Int.repr 0 ))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 0 Heq : Int64.repr r0 = Int64.repr 0
Int64.unsigned (Int64.repr 0 ) = 0
reflexivity .
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr
(Int.unsigned
(Int.sub (Int.repr n) (Int.repr 64 ))))
semax Delta
(PROP ( )
LOCAL (temp _t'4
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(_t'1 = (tint) (0 );) POSTCONDITION
forward;entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
Vint (Int.repr 0 )
rewrite Hr0.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
elim (Z.eqb_spec _ _);[|reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 ) ->
Vint
(Int.repr
(if (true && (r0 mod 2 ^ 64 =? 0 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Vint
(Int.repr
(if (true && (r0 mod 2 ^ 64 =? 0 ))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
elim H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Int64.repr (Z.shiftr r0 64 ) =
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 ))))
etransitivity ;[|apply Int64.repr_unsigned].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Int64.repr (Z.shiftr r0 64 ) =
Int64.repr
(Int64.unsigned
(Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 ))))))
etransitivity ;[symmetry ;apply Int64.repr_unsigned|].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Int64.repr
(Int64.unsigned (Int64.repr (Z.shiftr r0 64 ))) =
Int64.repr
(Int64.unsigned
(Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 ))))))
f_equal .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Int64.unsigned (Int64.repr (Z.shiftr r0 64 )) =
Int64.unsigned
(Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))))
rewrite Int64.unsigned_repr_eq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Z.shiftr r0 64 mod Int64.modulus =
Int64.unsigned
(Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))))
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned
(Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))))
rewrite Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
2 ^ (n - 64 ) =
Int64.unsigned
(Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))))
rewrite Int64.shl_mul_two_p, mul64_repr, Z.mul_1_l, Int64.int_unsigned_repr, Int.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
2 ^ (n - 64 ) =
Int64.unsigned (Int64.repr (two_p (n - 64 )))
rewrite two_p_correct, Int64.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n >= 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 2 ^ (n - 64 )) &&
(r0 mod 2 ^ 64 =? 0 ))%bool Hn : 0 <= 2 ^ (n - 64 ) < 2 ^ 64 H1 : Int64.repr (Z.shiftr r0 64 ) <>
Int64.shl (Int64.repr 1 )
(Int64.repr (Int.unsigned (Int.repr (n - 64 )))) PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 2 ^ (n - 64 )
2 ^ (n - 64 ) = 2 ^ (n - 64 )
reflexivity .
- Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert
semax Delta
(PROP ( )
LOCAL (temp _t'2
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_t'2 == (0 )) {
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 == (tulong) (1 ) << _n);)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
}) POSTCONDITION
assert (Hr0: r0 mod 2 ^ 128 =? 2 ^ n =
(((Z.shiftr r0 64 ) mod 2 ^ 64 =? 0 ) && (r0 mod 2 ^64 =? 2 ^n))%bool).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert
(r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
change (2 ^128 ) with (2 ^64 * 2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert
(r0 mod (2 ^ 64 * 2 ^ 64 ) =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
rewrite Zmod_recombine by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert
((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =?
2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
elim Z.eqb_spec.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 =
2 ^ n ->
true =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 = 2 ^ n
true =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
assert (Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 = 2 ^ n
(r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
apply (f_equal (fun x => x / 2 ^64 )) in Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : ((r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 ) / 2 ^ 64 =
2 ^ n / 2 ^ 64
(r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
rewrite Z.div_add_l, Zmod_div, Z.add_0_r in Heq by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 2 ^ n / 2 ^ 64
(r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
rewrite Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 2 ^ n / 2 ^ 64
2 ^ n / 2 ^ 64 = 0
apply Zdiv_small.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 2 ^ n / 2 ^ 64
0 <= 2 ^ n < 2 ^ 64
split ;[apply Z.pow_nonneg|apply Z.pow_lt_mono_r];lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 = 2 ^ n Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
true =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
rewrite Hr0, Z.mul_0_l, Z.add_0_l in Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : r0 mod 2 ^ 64 = 2 ^ n Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
true =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
rewrite Zbits.Zshiftr_div_two_p, two_p_correct, Hr0, Heq, !Z.eqb_refl by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Heq : r0 mod 2 ^ 64 = 2 ^ n Hr0 : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
true = (true && true)%bool
reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + r0 mod 2 ^ 64 <>
2 ^ n ->
false =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
intros Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 <> 2 ^ n
false =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
elim (Z.eqb_spec _ (2 ^n));[rewrite andb_true_r|rewrite andb_false_r;reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 <> 2 ^ n
r0 mod 2 ^ 64 = 2 ^ n ->
false = (Z.shiftr r0 64 mod 2 ^ 64 =? 0 )
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 +
r0 mod 2 ^ 64 <> 2 ^ n Heq : r0 mod 2 ^ 64 = 2 ^ n
false = (Z.shiftr r0 64 mod 2 ^ 64 =? 0 )
rewrite Heq in Hneq; clear Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n <>
2 ^ n
false = (Z.shiftr r0 64 mod 2 ^ 64 =? 0 )
symmetry ; apply Z.eqb_neq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n <>
2 ^ n
Z.shiftr r0 64 mod 2 ^ 64 <> 0
rewrite Zbits.Zshiftr_div_two_p, two_p_correct by lia .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n <>
2 ^ n
(r0 / 2 ^ 64 ) mod 2 ^ 64 <> 0
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n <>
2 ^ n Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
False
apply Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n <>
2 ^ n Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
(r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n = 2 ^ n
rewrite Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hneq : (r0 / 2 ^ 64 ) mod 2 ^ 64 * 2 ^ 64 + 2 ^ n <>
2 ^ n Heq : (r0 / 2 ^ 64 ) mod 2 ^ 64 = 0
0 * 2 ^ 64 + 2 ^ n = 2 ^ n
ring .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec Delta := abbreviate : tycontext SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 POSTCONDITION := abbreviate : ret_assert Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
semax Delta
(PROP ( )
LOCAL (temp _t'2
(Vlong (Int64.repr (Z.shiftr r0 64 )));
temp _r r; temp _n (Vint (Int.repr n)))
SEP (data_at sh t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) r))
(if (_t'2 == (0 )) {
((_t'3 = (_r->_lo);
_t'1 = (tbool) (_t'3 == (tulong) (1 ) << _n);)
_t'1 = (tint) _t'1;)
} else {
_t'1 = (tint) (0 );
}) POSTCONDITION
forward_if; repeat forward; entailer!. Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
rewrite Hr0.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) = Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
apply (f_equal Int64.unsigned) in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.unsigned (Int64.repr (Z.shiftr r0 64 )) =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
rewrite Int64.unsigned_repr_eq in H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod Int64.modulus =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
change Int64.modulus with (2 ^64 ) in *.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
rewrite H1, Z.eqb_refl, andb_true_l.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 64 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0)
(Int64.shl (Int64.repr 1 ) (Int64.repr n)))))
rewrite Int64.shl_mul_two_p, mul64_repr, Z.mul_1_l, two_p_correct, Int64.unsigned_repr by rep_lia.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 64 =? 2 ^ n then 1 else 0 )) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)))))
elim (Z.eqb_spec _ (2 ^n)).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
r0 mod 2 ^ 64 = 2 ^ n ->
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)))))
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : r0 mod 2 ^ 64 = 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)))))
rewrite <- (Int64.repr_unsigned (Int64.repr r0)), Int64.unsigned_repr_eq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : r0 mod 2 ^ 64 = 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (r0 mod Int64.modulus))
(Int64.repr (2 ^ n)))))
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : r0 mod 2 ^ 64 = 2 ^ n
Vint (Int.repr 1 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr (r0 mod 2 ^ 64 ))
(Int64.repr (2 ^ n)))))
rewrite Heq, Int64.eq_true.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : r0 mod 2 ^ 64 = 2 ^ n
Vint (Int.repr 1 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
reflexivity .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
r0 mod 2 ^ 64 <> 2 ^ n ->
Vint (Int.repr 0 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)))))
intros Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n
Vint (Int.repr 0 ) =
force_val
(sem_cast_i2i I32 Signed
(Val.of_bool
(Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)))))
case_eq (Int64.eq (Int64.repr r0) (Int64.repr (2 ^n)));[|reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n
Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)) = true ->
Vint (Int.repr 0 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.eq (Int64.repr r0) (Int64.repr (2 ^ n)) =
true
Vint (Int.repr 0 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
apply Int64.same_if_eq in Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.repr r0 = Int64.repr (2 ^ n)
Vint (Int.repr 0 ) =
force_val (sem_cast_i2i I32 Signed (Val.of_bool true))
elim Hneq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.repr r0 = Int64.repr (2 ^ n)
r0 mod 2 ^ 64 = 2 ^ n
rewrite <- Int64.unsigned_repr_eq, Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.repr r0 = Int64.repr (2 ^ n)
Int64.unsigned (Int64.repr (2 ^ n)) = 2 ^ n
apply Int64.unsigned_repr.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.repr r0 = Int64.repr (2 ^ n)
0 <= 2 ^ n <= Int64.max_unsigned
split ;[apply Z.pow_nonneg;lia |].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.repr r0 = Int64.repr (2 ^ n)
2 ^ n <= Int64.max_unsigned
cut (2 ^n < 2 ^64 );[rep_lia|].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Z.shiftr r0 64 mod 2 ^ 64 =
Int64.unsigned Int64.zero H2 : is_int I32 Signed
(force_val
(sem_cast tint tint
(force_val
(sem_cast tint tbool
(eval_binop Oeq tulong tulong
(Vlong (Int64.repr r0))
(eval_binop Oshl tulong tuint
(eval_cast tint tulong
(Vint (Int.repr 1 )))
(Vint (Int.repr n)))))))) PNr : is_pointer_or_null r H3 : field_compatible t_secp256k1_uint128 [] r H4 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Hneq : r0 mod 2 ^ 64 <> 2 ^ n Heq : Int64.repr r0 = Int64.repr (2 ^ n)
2 ^ n < 2 ^ 64
apply Z.pow_lt_mono_r;lia .
+ Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr (if r0 mod 2 ^ 128 =? 2 ^ n then 1 else 0 )) =
Vint (Int.repr 0 )
rewrite Hr0.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Vint
(Int.repr
(if
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
elim (Z.eqb_spec _ 0 );[|reflexivity ].Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 )))
Z.shiftr r0 64 mod 2 ^ 64 = 0 ->
Vint
(Int.repr
(if (true && (r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
intros Heq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 0
Vint
(Int.repr
(if (true && (r0 mod 2 ^ 64 =? 2 ^ n))%bool
then 1
else 0 )) = Vint (Int.repr 0 )
elim H1.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 0
Int64.repr (Z.shiftr r0 64 ) = Int64.repr 0
rewrite <- (Int64.repr_unsigned (Int64.repr (Z.shiftr r0 64 ))), Int64.unsigned_repr_eq.Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 0
Int64.repr (Z.shiftr r0 64 mod Int64.modulus) =
Int64.repr 0
change Int64.modulus with (2 ^64 ).Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 0
Int64.repr (Z.shiftr r0 64 mod 2 ^ 64 ) = Int64.repr 0
f_equal .Espec : OracleKind r : val sh : share r0, n : Z Delta_specs : Maps.PTree.t funspec SH : readable_share sh H : 0 <= n < 127 H0 : n < 64 Hr0 : (r0 mod 2 ^ 128 =? 2 ^ n) =
((Z.shiftr r0 64 mod 2 ^ 64 =? 0 ) &&
(r0 mod 2 ^ 64 =? 2 ^ n))%bool H1 : Int64.repr (Z.shiftr r0 64 ) <> Int64.repr 0 PNr : is_pointer_or_null r H2 : field_compatible t_secp256k1_uint128 [] r H3 : value_fits t_secp256k1_uint128
(Vlong (Int64.repr r0),
Vlong (Int64.repr (Z.shiftr r0 64 ))) Heq : Z.shiftr r0 64 mod 2 ^ 64 = 0
Z.shiftr r0 64 mod 2 ^ 64 = 0
assumption .
Qed .
Require Import VST.floyd.VSU.
Definition Int128ASI :funspecs :=
[secp256k1_u128_mul_spec
;secp256k1_u128_accum_mul_spec
;secp256k1_u128_accum_u64_spec
;secp256k1_u128_rshift_spec
;secp256k1_u128_to_u64_spec
;secp256k1_u128_hi_u64_spec
;secp256k1_u128_from_u64_spec
;secp256k1_u128_check_bits_spec
;secp256k1_i128_mul_spec
;secp256k1_i128_accum_mul_spec
;secp256k1_i128_dissip_mul_spec
;secp256k1_i128_det_spec
;secp256k1_i128_rshift_spec
;secp256k1_i128_to_i64_spec
;secp256k1_i128_from_i64_spec
;secp256k1_i128_eq_var_spec
;secp256k1_i128_check_bit_spec
].
(*
Definition Int128VSU: @VSU NullExtension.Espec
nil nil ltac:(QPprog prog) Int128ASI emp.
Proof.
mkVSU prog Int128ASI.
+ solve_SF_internal body_secp256k1_umulh.
Qed.
*)